The University of Toledo Law Review, Winter 2006

USING THE SECURITIES ANDEXCHANGE COMMISSION'S STATUTORY WEAPONRY TO COMBATSPAM

John Reed Stark• and Carolyn E. Kurr••

My name is Spam. Spam/Am. I have some stuffI'd like to sell. Take a look! It's really swell!

I do not want your worthless spam. I do not want it, Spam I Am.

Spam/Am: How about some fast cash? Fifty Thousand in ajlash!!!

How stupid do you think I am? I won 't join your shady scam. 1

INCE the earliest campaigns in the mid-1990s, "spam" (unsolicited bulk e Smail) has placed a continuous and almost immeasurable burden on the entire online community. In fact,the term originates froma skit in Monty Python's Flying Circus involving a restaurant that serves Spam, a brand of canned meat, with all of its food. To the other diners' irritation, each time the waitress recites the spam filledmenu, a groupof Vikings sitting in a cornerloudly sing "Spam, spam, spam, spam, spam, spam, spam, spam, lovely spam! Wonderful spam!"until told to shut

• John Reed Stark is Chief of the Officeoflnternet Enforcement, Counselor to the Director of the Division ofEnforcement,and is in charge of the Division of Enforcement'sInternet Program at the United States Securities and Exchange Commission (SEC). He is also an Adjunct Professor of Law at Georgetown University Law Center, where he teaches a course on the securities laws and the Internet. Mr. Stark serves as Co-Chair of the American BarAssociation Subcommittee on Securities Law and the Internetand has written a range of articles published in various law journalsconcerning securities regulation and the Internet. •• CarolynE. Kurris a senior counsel in the SEC's Officeoflnternet Enforcement. The SEC disclaims anyresponsibility forany private publication or speech by any of the members ofits staff. The views expressed herein arethose of the authors and do not necessarily reflectthe views of the SEC or the authors' colleagues on its staff. 1. Spam I Am, http://strangecosmos.com/content/item/l02649.html (last visited Aug. 20, 2005) (mimicking the famous children's novel Green Eggs and Ham by Theodore Giesel (1997)).

271 UNIVERSITY OF TOLEDO LAW REVIEW [Vol. 37

up.2 Thus, from its inception spare represented something that keeps repeating and repeating itself to an audience's great annoyance. Today, spam clogs the inboxes of almost every Internet user. Anyone who maintains an e-mail account likely has experienced the mind-numbing frustration of sifting through dozens of unwanted spam messages advertising everything from sexual aids and pornography to investment advice and moneymaking schemes. The spain plague has increased dramatically in recent years, from 8% of all e-mail traffic in 2001, to between 75% and 80% of all e-mail traffic in 2004.' Spam is no joke: it imposes substantial costs on both individuals and businesses, and places tremendous burdens on overloaded servers and Internet service providers (ISPs) across the globe. Increasingly, it is not only considered a menace, but also an economic crime. The costs of handling spam add up to real money. One research company estimates that spain costs American businesses $10 billion per year, while another estimates the cost at a conservative $9 billion, including $4 billion in productivity losses.4 The average employee receives an estimated 7500 pieces of unsolicited commercial e-mail per year,5 resulting in a 3.1% loss in productivity.6 Spam has a similarly deleterious effect internationally, costing an estimated $20.5 billion to businesses worldwide. 7 Because spain is relatively inexpensive and easy to create, fraudsters, hucksters, and other con artists often employ spain as a marketing tool to find investors for bogus investment schemes or to spread false information about a company. Unlike old-fashioned boiler room scams which required costly infrastructures with an actual office and a network of salespersons, spammers can now send tens of millions of fraudulent promotional and sales materials to potential investors at minimal cost with just a click of the mouse. In April 2003, the Federal Trade Commission (FTC) published the results of its study of 1000 spam messages, and reported that 66% of the messages were fraudulent or deceptive in some way.' Furthermore, the FTC found that a full 20% of spam messages promote some sort of "get-rich-quick" scheme.9 Though somewhat limited in its jurisdiction, the Securities and Exchange Commission (SEC) has taken an extraordinarily active role in protecting investors against spanmers' fraudulent investment-related schemes and thus far has achieved a high degree of success in stopping spammers in their tracks. In fact, when spam

2. Gavin Herlihy, Spam, spam, spam, spam, e-mail, span, spam, spam, spam, spam, spam, spam, SCOTSMAN, Sept. 13, 1999, at 22. 3. David McGuire, A Year After Legislation,Spam Still Widespread; Technology Seen as Best Development, WASH. POST, Jan. 4, 2005, at E5; Elizabeth A. Alongi, Has the U.S. Canned Spam? 46 ARIz. L. REV. 263, 263 (2004). 4. Stephanie Schorow, FrustratedE-mail Users Struggle to Put Nuisance Back in the Can, BOSTON HERALD, July 16, 2003, at 42; Steven Brostoff, Will Canning Spam Hurt Commerce?, NAT'L UNDERWRITER (Life & Health/Financial Services ed.), Mar. 3, 2003, at 5. 5. Spain Hits an All-Time High, AUSTRALIAN (New South Wales), June 15, 2004, at C3. 6. Josee Valcourt, The Spam Factor,CLARION-LEDGER (Jackson, Miss.), July 22, 2004, at IC. 7. Erin Elizabeth Marks, Spammer Clogs In-boxes Everywhere: Will the CAN-Spam Act of 2003 Halt the Invasion?, 54 CASE W. RES. L. REv. 943, 944 (2004). 8. Joseph Siegel, 2/3 ofSpam a Real Sham, FTC Reports, DAILY NEWS (New York), Apr. 3, 2003, at 8. 9. Marks, supra note 7, at 945. Winter 2006] COMBATING SPAM began to flourish in the late 1990s, the SEC employed its basic arsenal of statutory provisions, including powerful anti-fraud provisions, to combat a variety of fraudulent spam campaigns without the need for additional rules or regulations.' The Commission also successfully utilized other pre-existing provisions in new and innovative ways to reign in spammers' questionable practices, without encountering many of the constitutional challenges facing much ofthe legislation that specifically targets spam. For instance, the Enforcement Division brought numerous actions against online spammers for violating Section 17(b) of the Securities Act of 1933," a long-standing provision prohibiting publication of paid-for touts without full disclosure of the compensation arrangement. The Internet brought this provision into the limelight because spanmers frequently presented paid-for stock touts as the result of independent analysis, when, in fact, the opinions were bought and 12 paid for. In recent years, numerous states have enacted new anti-spain statutes, and the federal government enacted a law in December 2003 that limits spammers' permissible activities. 3 This article provides a brief overview of recent federal and state initiatives, as well as the challenges they face. In addition, this article chronicles the Commission's enforcement efforts against fraudulent spam, namely, offering frauds, momentum plays, pump and dump schemes, and discusses other innovative ways in which the Commission applied technical federal securities laws within the context of spam. Finally, this article evaluates the Commission's ongoing role in the effort to fight fraudulent spam.

I. PRIVATE PARTIES, THE STATES, AND FEDERAL REGULATORS TACKLE SPAM

I deleted the spain mail. Shut down for the day. (Outlook was startingto crash anyway). Then turned off the lights and stepped out the door. As for spain mail andjunk mail, I knew there 'd be more. 14

A. ISPs Lead the Fight in PrivateActions againstSpammer

Consumers, businesses and Internet Service Providers (ISPs) constantly struggle with the burdens of spam. Businesses and individual e-mail users aggravated by a constant influx of unwanted e-mails shop for the ISPs with the best anti-spam

10. See Press Release, SEC, SEC Conducts First Ever Nationwide Internet Securities Fraud Sweep, Charges 44 Stock Promoters in 23 Enforcement Actions (Oct. 28, 1998), available at http://www.sec.gov/news/press/pressarchive/1998/98-117.txt [hereinafter SEC Press Release No. 98- 117]. 11. 15 U.S.C. § 77q(b). 12. See SEC Press Release No. 98-117, supra note 10; Press Release, SEC, SEC Continues Internet Fraud Crackdown (Feb. 25, 1999), available at http://www.sec.gov/news/press/pressarchive/ 1999/99-24.txt [hereinafter SEC Press Release No. 99-24]. 13. Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act of 2003, 15 U.S.C. § 7701-7713 (Supp. 2005). 14. The Net Before Christmas, http://www.p45.net/cgi-bin/j okes/index.cgi?ref=browse&f-=view &id= 1008612814159134179232&block=-36 (last visited Sept. 12, 2005). UNIVERSITY OF TOLEDO LAW REVIEW [Vol. 37 software, purchase their own software filters, and even create new e-mail accounts in hopes of escaping spammers' attention, if only for a little while. ISPs have little choice but to institute costly internal equipment, procedures, and programming to reduce the amount of spam reaching customers and to minimize spam's impact on the speed and utility of their systems. Thus, consumers, private companies, and ISPs alike have clamored for increased legislation against span on both the state and federal levels. ISPs, arguably facing the clearest costs of spam, have been the most successful private litigants against spammers. ISPs have brought suits in several states based on a common law "trespass to chattels" theory, arguing that by placing a substantial burden on their equipment and storage capacity, the spammers "trespassed" upon and damaged their personal property. ISPs have won verdicts in Virginia, Iowa, and Ohio based on the trespass to chattels theory. In America Online v. IMS, the Eastern District of Virginia found that America Online (AOL) established the defendant spammer's trespass to chattels in violation of Virginia's common law. 5 The spammer had improperly sent over sixty million unauthorized bulk e-mail advertisements to AOL subscribers over the course often months. Moreover, the spammer continued to send e-mails after being notified in writing by AOL to cease and desist. Thus, the spammer caused AOL to expend technical resources and staff time to defend its computer system and its membership against the spare.' 6 In 2001, AOL also sued National Health Care Discount, Inc. under the trespass to chattels theory in the Northern District of Iowa.'7 The court held the defendant liable for its contract e-mailers' trespass to chattels violation." Consequently, the court issued a permanent injunction against the defendant and awarded AOL damages in the amount of $2.50 per thousand messages received, totaling $337,500 for all 135 million spams.19 The Southern District of Ohio ruled in favor of the ISP CompuServe in its trespass to chattels action against Cyber Promotions, Inc., a Pennsylvania-based spammer.20 CompuServe sought to enjoin Cyber Promotions from sending unsolicited commercial e-mail to its subscribers, arguing that handling the mass mailings placed a substantial burden on its equipment.2' The court found that CompuServe's equipment value diminished despite a lack of physical damage. Ultimately, the court found that the spammer had committed a trespass to chattels.22 The defendant-spammer argued that CompuServe consented to community use of their servers by allowing subscribers to receive messages from anywhere on the Internet. 3 The Court held in CompuServe's favor, holding that "the use of personal property exceeding consent is a trespass" because the defendants had ignored

15. America Online, Inc. v. IMS, 24 F. Supp. 2d 548, 550 (E.D. Va. 1998). 16. Id. at 549. 17. America Online, Inc. v. Nat'l Health Care Disc., Inc., 174 F. Supp. 2d 890, 893 (N.D. Iowa 2001). 18. Id at 900. 19. Id. at 901. 20. CompuServe, Inc. v. Cyber Promotions, Inc., 962 F. Supp. 1015, 1028 (S.D. Ohio 1997). 21. Id. at 1019. 22. Id. at 1022. 23. Id. at 1023-24. Winter 2006] COMBATING SPAM

CompuServe's cease24 and desist letter requesting an end to sending its subscribers unsolicited emails. However, common law causes of action like trespass to chattels have clear limitations, including the plaintiff's need to prove actual injury. For example, in Intel Corp. v. Hamidi, Intel, as a private company, argued a trespass to chattels theory where a former employee sent emails to other Intel employees disparaging the company. However, the California Supreme Court disagreed and held that Intel could not prevail on the theory because the emails did not damage the computer system or impair its function.25 Hamidiillustrates the difficulties that private parties other than ISPs have had in bringing these types of claims. Prior to the 2003 CAN-SPAM Act (hereinafter "Act"),26 the first United States federal law restricting spam use, some ISPs invoked a number of federal laws to protect them from specific spam abuses. AOL successfully brought suit under federal trademark laws to protect its "AOL" trademark from promoters who sent AOL subscribers spamn e-mails designed to appear as if AOL itself sponsored or approved the message.27 In these suits, AOL argued that the spammers violated federal trademark laws prohibiting "false designation of origin" and "dilution of trademark."2 AOL also sued spammers for violating the Computer Fraud and Abuse Act,29 which requires a plaintiff prove that the defendant intentionally accessed a "protected" computer, exceeded authorized access, and obtained information in interstate communication. 30 Additionally, the Computer Fraud and Abuse Act requires that plaintiffs prove damage, defined as "impairment to the ' integrity or availability of data."', Given these limitations, ISPs lobbied for federal regulations further restricting spammers' allowable activities. The CAN-SPAM Act, effective in January 2004, allows harmed ISPs to bring civil actions against violators of the Act.32 Many ISPs filed several of the initial actions brought under the Act. Those initial actions will be explained in greater detail in section II.

B. The States Take a Stand Against Spam

At least 38 states have enacted their own anti-spam legislation, often under pressure from irate constituents.3 3 The CAN-SPAM Act, however, "explicitly pre-

24. Id.at 1024 (citing City of Amsterdam v. Goldmeyer, Ltd., 882 F. Supp. 1273, 1281 (E.D.N.Y. 1995)). 25. 71 P.3d 296, 300 (2003). 26. Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act of 2003, 15 U.S.C.A. §§ 7701-7713 (Supp. 2005). The CAN-SPAM Act passed the Senate (S. 877) on Oct. 22, 2003, and passed the House on Dec. 8, 2003. President Bush signed the Act on Dec. 16, 2003. CAN-SPAM Act of Dec. 16, 2003, Pub. L. No. 108-187, 2003 U.S.C.C.A.N. (117 Stat. 2699) 2719 (codified at 15 U.S.C.A. §§ 7701-7713). 27. America Online, Inc. v. IMS, 24 F. Supp. 2d 548, 551-52 (E.D. Va. 1998). 28. 15 U.S.C.A. § 1125(a)(1)(a), (c) (1998 & Supp. 2005). 29. See America Online, Inc. v. Nat'l Heath Care Disc., Inc., 174 F. Supp. 2d 890, 899 (N.D. Iowa 2001). 30. 18 U.S.C. § 1030(a)(2) (2000). 31. Id. § 1030(e)(8)(A). 32. CAN-SPAM Act § 7(g)(1), 117 Stat. at2714-15. 33. Jeffrey D. Sullivan & Michael B. de Leeuw, Spam after Can-Span: How Inconsistent UNIVERSITY OF TOLEDO LAW REVIEW [Vol. 37 empts many state laws concerning [unsolicited commercial e-mails], including the far more stringent laws [than those of the Act]."34 A few states, including California and Delaware, enacted laws taking an "opt-in" as opposed to an "opt- out" approach to spam. 35 The "opt-in" provisions made it unlawful to send unsolicited commercial e-mails unless the recipient had previously consented to its receipt. 36 In contrast to these state laws, the CAN-SPAM Act took an "opt-out" approach, permitting the spammer to send messages so long as the message provides a functional means for the recipient to opt-out of receiving future messages from the spammer.37 Before the CAN-SPAM Act passed, sixteen states enacted legislation which required all unsolicited commercial e-mail to include labels, such as "ADV" or "Advertisement," in their e-mail headers.3" These state laws simplified many recipients' review of their inboxes, and made it easier to devise software programs to filter out such messages. The CAN-SPAM Act rejects this labeling approach and pre-empts those sixteen state laws. 39 In addition, California's anti-spain legislation provided a private right of action to its residents. The CAN-SPAM Act also pre- empts this provision by only providing a private right of action to ISPs adversely affected by violations of the Act.4" The CAN-SPAM Act, however, does not pre-empt state laws that prohibit false or deceptive spam.41 Many states brought significant actions based on anti-spain legislation prohibiting false or deceptive spam. Of particular import, in November 2004 a Virginiajury convicted two North Carolina residents, Jeremy Jaynes and his sister Jessica DeGroot, of sending untraceable spam e-mails to millions of AOL customers located in Dulles, Virginia.42 Virginia prosecuted the case under a 2003 state law that made it a felony to send unsolicited bulk e-mail that masks its origin.43 The jury recommended that Jaynes spend nine years in prison and that DeGroot (who was minimally involved) pay $7,500 for violating Virginia's anti-spam law.44 Thejudge subsequently overturned DeGroot's conviction because he could not find

Thinking Has Made a Hash Out of Unsolicited Commercial E-mail Policy, 20 SANTA CLARA COMPUTER & HIGH TECH. L.J. 887, 898 (2004). Since the time these statistics were compiled, two states' spam laws have either lapsed or been repealed. See Nat'l Conference of State Legislatures, State Laws Relating to Unsolicited Commercial or Bulk E-mail (SPAM), http://www.ncsl.org/programs/lis/legislation/spamlaws02.htm (last visited Oct. 3,2005) (listing current state spam laws). 34. Id. (citing CAN-SPAM Act § 8(b), 117 Stat. at 2716). 35. Id. at 899 (citing CAL. Bus. & PROF. CODE § 17529.2 (2003) (superseded); DEL. CODEANN. tit. 11, § 937 (2001)). 36. Id. (citing CAN-SPAM § 8(b)). 37. CAN-SPAM Act § 5(a)(5)(A)(ii), 117 Stat. 2699, 2707 (2004). 38. Sullivan & de Leeuw, supra note 33, at 900. 39. Id.; Alongi, supra note 3, at 287-89. 40. Sullivan & de Leeuw, supra note 33, at 900. 41. CAN-SPAM Act, § 8(b)(l), 117 Stat. at 2716. 42. Spain Senders Convicted in FirstFelony Case, ASSOCIATED PRESS, Nov. 3, 2004, available at http://www.msnbc.msn.com/id/6401091 (last visited Aug. 25, 2005). See also Karin Brulliard, Jury Finds Two Guilty of Felony Spam, WASH. POST, Nov. 4, 2004, at El. 43. Spam Senders, supra note 42. 44. Id.(quoting Jaynes' attorney as stating, "Nine years is absolutely outrageous when you look at what we do to people convicted of crimes like robbery and rape."). Winter 2006] COMBATING SPAM 277 any rational basis for finding her guilty. However, the judge upheld Jayne's conviction and nine year prison sentence.4" Jaynes' attorney expressed shock at the sentence, calling nine years imprisonment excessive punishment for a nonviolent crime.46 This case marked the first time that the Virginia anti-spain law was prosecuted. In addition, the CAN-SPAM Act does not pre-empt state laws to the extent that they relate to acts of fraud or computer crimes.47 New York, for example, prosecuted "Buffalo spammer" Howard Carmack under New York's identity theft statute.48 Carmack sent 850 million spam e-mails through accounts he opened with stolen identities. In May 2004, aNew York court sentenced Carmack to three-and- a-half years in prison based on his illegal activities.49 Atlanta-based ISP Earthlink, Inc. also obtained a $16.4 million civil judgment against Carmack for operating hundreds of e-mail accounts under false names and using them to send spam solicitations.5" In addition, several state attorney generals have prosecuted cases based on violations of the CAN-SPAM Act.5' Many states are beginning to enact new legislation based on the CAN-SPAM Act. The Ohio legislature, for example, passed a bill making it a felony to knowingly send e-mails with the intent of hiding the message's origin and falsifying header information.5 2 In keeping with the CAN-SPAM Act, Ohio's new statute only allows the state attorney general or an ISP to bring suit against a spammer.53 Moreover, offenders of the Ohio statute face a maximum of five years in prison and a5 4fine of up to $25,000 per violation, and a fine of up to $2 to $8 per message sent. In addition to pre-emption issues, constitutional concerns surround the states' anti-spain laws. Constitutional challenges have focused mainly on whether state anti-spam laws violate the Commerce Clause or the First Amendment right of free speech.55 For example, lower state courts in Washington and California found that the states' respective anti-spam laws violated the Commerce Clause because the

45. Karin Brulliard, Woman's Spam Conviction Thrown Out, WASH. POST, Mar. 2, 2005, at El. 46. Karin Brulliard, Man Gets Nine-Year Sentence for Spamming, WASH. POST, Apr. 8, 2005, available at http://www.washingtonpost.com/wp-dyn/articles/A37205-2005Apr8.html (last visited Aug. 24, 2005). 47. CAN-SPAM Act § 8(b)(2), 117 Stat. 2699, 2716 (2004). 48. 'Buffalo Spammer'Is Sentenced to Prisonfor Junk-MailBarrage, ASSOCIATED PRESS, May 27,2004, availableathttp://www.johnreedstark.com/CurrentEvents/otherarticles2O03and2OO4/spam/ wsjbuffalospammer.htm (last visited Aug. 25, 2005). 49. Id. 50. Id. 51. See, e.g., News Release, Attorney GeneralAbbott Files First Texas Lawsuitfor Violations ofE-mailSpam Law (Jan. 13,2005), http://www.oag.state.tx.us/OAGNEWS/release.php?id=747; AG Reilly Sues Deceptive Spammer for Violating MassachusettsLaw, Federal CAN-SPAM Act (July 1, 2004), http://www.ago.state.ma.us/sp.cfin?pageid--9868id=1257; News Release, Attorney General Lockyer Goes to Court to Shut Down Major California-BasedSpain Operation (Apr. 13, 2005), http://ag.ca.gov/newsalerts/release.php?id=578. 52. Mandy Zatynski, E-mail Spare Bill Passed; Gov. Taft Likely to Sign it into Law, DAYTON DAILY NEWS, Dec. 4, 2004, at B3. 53. Id. 54. Id. 55. Alongi, supra note 3, at 275. UNIVERSITY OF TOLEDO LAWREVIEW [Vol. 37 laws imposed unconstitutional burdens on interstate commerce. 6 Both states' appeals courts, however, overturned the lower courts' decisions, upholding the laws. 7 Each appeals court found that their respective state's anti-span law was facially neutral, and applied equally to in-state and out-of-state spammers.58 The appeals courts then applied a balancing test and concluded that the local benefits of the respective laws outweighed any burden on interstate commerce. 9 Commerce Clause challenges still occur, however; in December 2004, for example, a Maryland judge dismissed a complaint brought under the state's 2002 anti-span law, concluding that the law impermissibly burdened interstate commerce.60 Moreover, many spammers contend that they have a First Amendment right to send unsolicited e-mails to an ISP's subscribers. In Cyber Promotions,Inc. v. AOL, Cyber Promotions argued that AOL acted as a municipality, and thus had to protect the promoter's First Amendment right to free speech.6 1 The court, however, concluded that AOL had the right to prevent spammers from reaching its online subscribers. 2 It distinguished AOL from a company town because AOL did not exercise any municipal powers or public services traditionally exercised by the government. The court also distinguished AOL from a municipality by concluding that AOL's Internet e-maildid not constitute an exclusive public function because several alternatives to e-mail existed, such as U.S. mail and television.63 On the whole, it appears that the various state courts have upheld their respective states' anti-spain legislation in the face of constitutional challenges. Still, constitutional challenges persist, and it is only a matter of time before the CAN- SPAM Act itself comes under the courts' scrutiny.

II. THE CAN-SPAM ACT OF 2003: TOUGH ENOUGH, OR TOO TOUGH?

Didyou hear about the latest spamvertised invention? It's a solar-poweredflashlight.64

The CAN-SPAM Act has been widely criticized for pre-empting certain states' more stringent anti-span legislation. Some critics disparage the Act for failing to stem the flow of spam, or for effectively "legalizing" spam by only prohibiting certain deceptive spam and spamming practices.65 The Act has also been criticized

56. Id. at 275-78 (citing State v. Heckel, 24 P.3d 404, 413 (Wash. 2001); Ferguson v. Friendfinders, Inc., 115 Cal. Rptr. 2d 258, 260 (Cal. Ct. App. 2002)). 57. State v. Heckel, 24 P.3d 404, 413 (Wash. 2001); Ferguson v. Friendfinders, Inc., 115 Cal. Rptr. 2d 258, 260 (Cal. Ct. App. 2002). 58. Heckel, 24 P.3d at 409; Ferguson, 115 Cal. Rptr. 2d at 267. 59. Heckel, 24 P.3d at 409; Ferguson, 115 Cal. Rptr. 2d at 268-69. 60. David Snyder, Judge FaultsMd. Anti-Spam Statute; US. Commerce Clause Cited, WASH. POST, Dec. 15, 2004, at E05. 61. Cyber Promotions, Inc. v. America Online, Inc., 948 F. Supp. 436, 441 (E.D. Pa. 1996). 62. Id. at 445. 63. Id. at 442-43. 64. CaliforniaCom, http://www.california.com/spam/spamjokes.html (lastvisited Oct. 3,2005). 65. Sullivan & de Leeuw, supra note 33, at 930-31; Marks, supra note 7, at 963. See also Editorial, Spammer's Wrist Slap Offers No Deterrence, SAN JOSE MERCURY NEWS, July 22, 2004, at 8B. Winter 2006] COMBATING SPAM

for its relatively harsh criminal sanctions, which impose lengthy prison sentences for violations of the Act.66 Until recently, federal judges were bound by strict sentencing guidelines.67 The Supreme Court, however, overturned these federal sentencing guidelines in January 2005, holding that judges should view sentencing guidelines as recommendations rather than directives.6" The flexible nature of the sentencing guidelines may ease some of the inevitable challenges to the Act's criminal penalties because judges will have discretion to impose lighter sentences than those recommended by the guidelines. The CAN-SPAM Act closely resembles Virginia's anti-spam statute, in that it imposes criminal penalties for sending spain e-mails with false or deceptive headers or content.69 The Act imposes the following measures: (1) it prohibits commercial and transactional e-mail messages containing "materially false or misleading" header information or deceptive subject lines; (2) it requires that all commercial e- mail messages contain a functioning return address or other Internet-based reply opt-out provision; (3) it prohibits a sender from transmitting commercial e-mail messages to any recipient more than ten days after the recipient exercises his or her right to opt-out of receiving future messages; and (4) it requires that all commercial e-mail messages disclose if they are an advertisement or solicitation, and provide notice of the opt-out mechanism and a valid physical postal address.70 The Act also prohibits the following "aggravated violations" that warrant additional penalties: (1) e-mail "harvesting" or the knowing use of illegally obtained addresses; (2) the automated creation of multiple e-mail accounts used to send commercial e-mail; and (3) the use of unauthorized relays for commercial e-mail messages.7' Finally, the Act directs the FTC to research and evaluate the creation of a nationwide "Do Not Spam" list, which would mirror the national "Do Not Call" list.72 The FTC issued a report informing Congress that such a list could not be effectively enforced, and that the list would fail to reduce the amount of spam consumers receive.73 The FTC enforces the Act's provisions as if a violation of the Act were an unfair or deceptive act or practice proscribed by the FTC.74 Violations thereof may lead to criminal or civil penalties. The Act also authorizes civil causes of action brought by state attorneys general or other state agencies for violations of the Act that adversely affect their state's citizens, 75 and actions brought by ISPs adversely affected by violations of the Act.76 In fact, numerous ISPs brought suit against

66. Sullivan & de Leeuw, supra note 33, at 903. 67. 18 U.S.C.A. §§ 3553(b)(1), 3742(e) (2001). See also Charlie Savage, High CourtOverturns Sentencing Guidelines But Ruling Will Allow 'Advisory Use' by Judges, BOSTON GLOBE, Jan. 13, 2005, at Al. 68. United States v. Booker, 125 S. Ct. 738, 756 (2005). 69. VA. CODE ANN. § 18.2-152.3:1 (2005). 70. Glenn B. Manishin & Stephanie A. Joyce, CurrentSpam Law & Policy: An Overview and Update, COMPUTER& INTERNET LAW., Sept. 2004, at 9, 13-14. 71. CAN-SPAM Act § 5(b), 117 Stat. 2699, 2709 (2004). 72. Nikki Swartz, FTC Nixes "Do-Not-Spam" List, INFO. MGMT. J., Sept. 1, 2004, at 8. 73. Id. 74. CAN-SPAM Act § 7(a), 117 Stat. at 2711. 75. Id. § 7(b), (f), 117 Stat. at 2711. 76. Id. § 7(g), 117 Stat. at 2714. Some legal commentators have suggested that the Act's broad UNIVERSITY OF TOLEDO LAW REVIEW [Vol. 37 spammers and their principals based at least in part on their alleged violations of the CAN-SPAM Act. 7 A majority of these suits remain in litigation. In several joint actions with criminal authorities, the FTC charged spammers with violating the Act. In a joint action with the U.S. Attorney's Office in Detroit and the U.S. Postal Inspection Service, the FTC charged Detroit-based Phoenix Avatar and its four principals with sending illegal sparn to sell bogus diet patches, and allegedly earning almost $100,000 per month from product sales based on bogus claims. Specifically, the FTC charged that the deceptive claims violated the FTC Act and that the spammers' "spoofing" (a practice in which spammers use innocent third-party e-mail addresses in the "reply to" or "from" fields of the spain to obscure their identities) and failure to provide opt-out capability violated the CAN-SPAM Act.78 At the FTC's request, the court entered a temporary restraining order enjoining the defendants and freezing their assets.79 In a subsequent settled action, the court entered a stipulated order permanently enjoining the four principals of Phoenix Avatar from further violations of the relevant provisions of the CAN- SPAM Act and FTC Act. 0 Based on the defendants' sworn financial statements, the court suspended a judgment against them of $230,000, representing the total amount of diet patch sales, and instead ordered payment of $20,000.1 The court also entered a default judgement and order for permanent injunction and monetary relief as to defendant Phoenix Avatar.82 In a similar case, the FTC filed charges and obtained a preliminary injunction against an Australian company, Global Web Promotions Pty Ltd., for allegedly disseminating massive amounts of deceptive commercial spain within the United States and "spoofing" a wide array of victims to disguise the real source of the spain. 3 The U.S. District Court for the Northern District of Illinois later entered a default judgement permanently enjoining Global Web Promotions and two related individuals from future violations of the provisions of the FTC Act prohibiting product misrepresentations and the provisions of the CAN-SPAM Act requiring a functional opt-out mechanism and prohibiting deceptive e-mail header information

definition of an ISP may encompass businesses providing Internet services to employees, in which case these businesses also would be authorized to bring a civil action against violators of the Act who have adversely affected those businesses. See, e.g., Jonathan K. Stock, A New Weapon in the FightAgainst Spain, MONDAQBUS. BRIEFING, Oct. 8,2004, availableat http://www.mondaq.com/article.asp?article id=28901&searchresults=l) (last visited Aug. 31, 2005). As of yet, however, no businesses have attempted to bring suit under the Act. 77. See, e.g., Ted Bridis, Internet ProvidersSue Hundreds of People over 'Spam' E-mails, ASSOCIATED PRESS, Mar. 10, 2004, available athttp://www.allheadlinenews.com/cgi-bin/news/news brief.plx?id=1078933208&fa=1 (last visited Sept. 19, 2005); Beatrice E. Garcia, Florida Firms Accused in Spain Lawsuits, MIAMI HERALD, Mar. 28, 2004, at IA. 78. News Release, FTC, FTC Announces First Can-Spam Act Cases (Apr. 29, 2004), http://www.ftc.gov/opa/2004/04/040429canspam.htm [hereinafter FTC News Release]. 79. See FTC v. Phoenix Avatar, LLC, No. 04C2897, 2004 U.S. Dist. LEXIS 14717, at *2 (N.D. Ill. July 29, 2004). 80. News Release, FTC, Diet Patch Sellers Settle CAN-SPAM Charges (Mar. 31, 2005), http://www.ftc.gov/opa/2005/03/phoenix.htm. 81. Id. 82. Id. 83. FTC News Release, supra note 78. Winter 2006] COMBATING SPAM

and false contact information. 4 The Court ordered defendants, jointly and severally, to pay restitution of $490,280 for violations of the FTC Act, and an additional $1,700,982 in ill-gotten gains causally connected to violations of the CAN-SPAM Act. 5 In February 2005, Jason Smathers, a twenty-four-year-old former AOL software engineer from Harper's Ferry, West Virginia, pled guilty to stealing 92 million screen names and e-mail addresses and selling them to Internet spammers in violation of the CAN-SPAM Act. 6 Although the federal district court judge refused to accept an earlier guilty plea entered by Smathers s7 because he was not convinced the defendant had committed a crime, federal prosecutors ultimately persuaded the judge of the defendant's violations.8 In exchange for the stolen screen names and e-mail addresses, Smathers allegedly accepted $28,000 from an individual who wanted to pitch an offshore gambling site to AOL customers, knowing the stolen information might make its way to other spammers. At his May 20, 2005 sentencing, Smathers faced 18 months to two years in prison and mandatory restitution of between $200,000 and $400,000, which is the amount the government estimates AOL spent to contend with an estimated seven billion spam e-mails resulting from Smather's conduct. Due to Smathers' contrition and cooperation with authorities, the court imposed a reduced sentence of 15 months and recommended payment of restitution of $84,000, representing triple the profits Smathers earned from the scheme; the court, however, delayed the restitution order to provide AOL the opportunity to prove higher damages.8 9 Charges are still pending against Sean Dunaway, a twenty-one-year-old who purchased the e-mail list from Smathers.9° At least one case brought under the Act did not yield the positive results anticipated by the charging authorities. New York Attorney General Eliot Spitzer filed one of the first actions under the CAN-SPAM Act, charging spammer Scott Richter and his company OptInRealBig.com with multiple violations of the Act.9' Initially, Mr. Spitzer announced his goal of fining Richter and his company $20 million in damages, however, in the end the case was settled for $40,000 in penalties and an additional $10,000 for investigation costs.92 In this situation, Richter's company was an intermediary that introduced two entities that had not been sued, and Richter contended all along that he took no part in any deceptive

84. News Release, FTC, Court OrdersPermanent Halt to Illegal Spamming,Bogus Claims (Sept. 20, 2005), http://www.ftc.gov/opa/2005/09/globalpromotions.htm. 85. Id. 86. Ted Bridis, Prosecutors,Ex-AOL EngineerStrike Plea,ASSOCIATED PRESS ONLINE, Dec. 20, 2004, http://news.orb6.com/stories/ap/2004122 1/aol-spamming.php. 87. Robert O'Harrow, Jr., Judge Rejects GuiltyPleain America Online Span Case, WASH. POST, Dec. 22, 2004, at El. 88. Larry Neumeister, Ex-AOL Worker Pleads Guilty in Spam Case, ASSOCIATED PRESS, Feb. 5, 2005, available at http://abcnews.go.com/Business/wireStory?id=474859 (last visited Aug. 31, 2005). 89. Seller ofAOL List Gets Prison; The FormerAmerica Online Employee Is Sentenced to 15 Months in the Anti-spam Case, L.A. TIMES, Aug. 8, 2005, at Cl. 90. Id. 91. Mark Gibbs, False Positives, NETWORK WORLD, July 26, 2004, at 78. 92. Id. UNIVERSITY OF TOLEDO LA WREVIEW [Vol. 37

activities.93 This case demonstrates how difficult it is for courts to deal with the often complex arrangements used in sending junk e-mail. The CAN-SPAM Act went into effect in January 2004. However, compliance with the Act remained marginal almost two years later. E-mail security company MX Logic, Inc. reported in December 2005 that only four percent of unsolicited commercial e-mail filly complied with the Act. 94 Others contend that the Act has reduced the amount of spain originating in the United States, but such progress is overshadowed by overall increases in world-wide spare. 95 It may still be too soon to fully evaluate the efficacy of the CAN-SPAM Act. It is already clear, however, that cases brought under the Act will face some obstacles. Prosecutors typically must prove that the spammer's conduct meets the "deceptive" standard, a task that may be difficult when numerous promoters and/or intermediaries are involved. In light of the numerous constitutional challenges to various states' anti-spam legislation, it also is likely that the CAN-SPAM Act will face similar challenges.

III. THE SEC TARGETS INVESTMENT-RELATED SPAM

Q: What do you call a spammer wearing a suit and tie? A: The Defendant.96

A. The Commission's Statutory Weapons againstFraudulent Spam

Since the advent of the Internet and ensuing online fraud, the SEC has demonstrated its ability to enforce securities statutes and. regulations in the fast- paced world of cyberspace. In fact, the Commission's Division of Enforcement ,("Enforcement Division" or "Division") has brought more than 500 Internet-related enforcement actions since 1995, many targeting spammers engaged in misleading or false spam campaigns. 97 The Division's success in this arena is proof that the statutory weapons in its arsenal are as effective when combating frauds in cyberspace as when battling conventional boiler rooms.98 Spam is just one more medium modern fraudsters use to perpetrate the same scams that the Division has fought for almost three quarters of a century, including sham offerings and pump and dump schemes. To successfully combat specific spam-related schemes, however, the Division adapted its investigative techniques and applied its enforcement provisions in new and innovative ways. The SEC employed its powerful anti-fraud provisions, the linchpins of the Division's enforcement program, as the basis of the majority of its actions involving

93. Saul Hansell, Spain Sender Settles Case in New York, N.Y. TIMES, July 20, 2004, at Cl. 94. Gene Koprowski, The Web: Feds Flop at Stopping Spam,UNITED PRESS INTERNATIONAL, Dec. 14, 2005, availableat LEXIS, News & Business, News, All. 95. LegislatingCyberspace, EWEEK (Jan. 9,2006), available atLEXIS, News& Business, All. 96. California Corn, http://www.california'conspam/spamjokes.html (last visited Oct. 3,2005). 97. See SEC Internet-Related Statistics, http://www.johnreedstark.com/InternetSECFraudStats/ statspaintcharts.htm (last visited Dec. 5, 2005); Internet-Related Litigation Announcements, http://www.sec.gov/divisions/enforce/internetenforce/litreleases.shtml (last visited Dec. 5, 2005). 98. See Stephen M. Cutler & John Reed Stark, The SEC's Statutory Weaponry to Combat Internet Fraud,1999 A.B.A. SEC. Bus. L. COMM. ON FED. REG. § 2.2. Winter 20061 COMBATING SPAM

spam. Section 10(b) of the Securities Exchange Act of 1934 ("Exchange Act")99 and Rule 1Ob-5 promulgated thereunder"'0 prohibit fraud in connection with the purchase or sale of securities. Likewise, Section 17(a) of the Securities Act of 1933 ("Securities Act")'0 ' prohibits fraud in the offer or sale of securities. Establishing violations of Securities Act Section 17(a)(1) and Exchange Act Section 10(b) requires a showing of scienter, but actions pursuant to Securities Act Sections 17(a)(2) and (3) do not.12 As the cases brought by the SEC and discussed in this article demonstrate, spammers typically participate in two major categories of securities-related frauds: (1) offering frauds, and (2) "pump and dump" schemes. Oftentimes, spammers play a crucial role in both schemes because spamming is a relatively inexpensive and easy way to reach tens of millions of potential investors. In a typical offering fraud, a spammer may advertise securities in an entirely fictitious entity in hopes of absconding with investors' funds. In a "pump and dump," one of the most common spam-related scams, spammers send spam e-mails touting thinly-traded securities in hopes of raising or "pumping" up the stock price. 0 3 Often the touts contain materially false or misleading claims about the company's financial prospects, such as an impending buy-out or major contract or a potentially explosive new product or technology. 4 After driving up the price and volume of the stock, the spammer and/or whoever orchestrated the spam sell or "dump" their securities into the artificially inflated market for a fast and easy profit. 5 The Commission has taken an aggressive stance against spammers' violations of the antifraud provisions of the federal securities laws, and also against their0 6 violations of more specific provisions such as Section 17(b) of the Securities Act,1 which prohibits publication of paid-for touts without full disclosure of the compensation arrangement. The Internet brought this longstanding provision into the limelight because online spammers frequently presented their paid-for stock touts as the result of their own independent analysis, when, in fact, their opinions were bought and paid for. To combat this trend, the Enforcement Division brought numerous actions against violators of Section 17(b), including several sweeps of actions targeting these violations.'07 In addition, the Commission has taken a proactive stance toward spammers who violated Section 5 of the Securities Act, 108 one of the bulwark provisions of the federal securities laws. Section 5 requires issuers who offer or sell securities to file a registration statement with the Commission unless the offering qualifies for one

99. 15 U.S.C. § 78j(b) (2000). 100. 17 C.F.R. § 240.1Ob-5 (2005). 101. 15 U.S.C. § 77q(a) (2000). 102. Aaron v. SEC, 446 U.S. 680, 697 (1980). 103. See SEC, Pump&Dump.con: Tips for Avoiding Stock Scams on the Internet, http://www.sec.gov/investor/pubs/pump.htm (last visited Dec. 5, 2005). 104. Id. 105. Id. 106. 15 U.S.C. § 77q(b). 107. See SEC Press Release No. 98-117, supra note 10; SEC Press Release No. 99-24, supranote 12. 108. 15 U.S.C. § 77e (2000). UNIVERSITY OF TOLEDO LAW REVIEW [Vol. 37

of numerous exemptions." 9 Spammers who conduct unregistered offerings via spam e-mails violate Section 5 because most registration exemptions do not allow general solicitations to the public. Moreover, the Commission has charged both issuers and promoters engaging in pump and dump schemes with violating Section 5. In perpetrating those schemes, certain company insiders and shareholders side- stepped Section 5's registration requirements in order to compensate promoters with purportedly "free trading" stock without being subject to the regulatory scrutiny involved in registering the offering with the Commission."' The Commission also brought Section 5 charges against promoters who dumped their stock into the artificially inflated market that they helped create, under the theory that the promoters unlawfully sold restricted securities, or that by obtaining the securities with a view towards their distribution, they acted as underwriters responsible for registering the securities."1 Finally, spammers who assist issuers in soliciting investors risk violating Section 15(a)(1) of the Exchange Act," 2 which prohibits any broker from effecting, inducing or attempting to induce the purchase or sale of securities unless that broker is registered with the Commission. The term "broker" includes any person "engaged in the business of effecting transactions in securities for the account of others."' 3 A spammer soliciting investors on behalf of an issuer may be considered a broker, especially if he is involved in the transfer of funds or accepting compensation based on the amount of monies raised by his or her solicitation efforts. In sum, the Commission has drawn upon a wide range of its statutory weapons and has brought a broad variety of actions against spammers, focusing on those who have participated in some capacity in pump and dump schemes or offering fraud.

1. Section 17(b)

Section 17(b) prohibits the publication of paid-for descriptions of securities without full disclosure of the compensation arrangement. 114 It requires that promoters paid to tout stocks fully disclose the receipt, source, and amount of compensation, if paid directly or indirectly from an issuer, underwriter or dealer. The Commission originally employed Section 17(b), unaltered since its inception in 1933, to prohibit touters from disguising their paid promotions as independent journalism, historically in the context of brochures, investment newsletters, and radio talk shows." 5 One of the few SEC statutes without any accompanying rules,

109. Id. § 77e(c). 110. Stock PatrolChronicles Litany ofSEC Touting Targets, FIN. WIRE, Nov. 14,2003, available at http://investrend.com/articles/article.asp?analystld=o&id=5825&topicld= 160&level=160 [hereinafter Stock Patrol]. I11. SEC Charges Internet Stock Promoters and Public Companies with Participatingin UnregisteredDistributions of Securities, SEC NEWS DIG., Issue 2003-202 (Oct. 23, 2003), available athttp://www.sec.gov/news/digest/dig 102303.txt [hereinafter SEC Charges Internet StockPromoters]. 112. 15 U.S.C. § 78o(a)(1). 113. The term is defined by Section 3(a)(4) of the Exchange Act, 15 U.S.C. § 78c(a)(4) (2000). 114. 15 U.S.C. § 77q(b) (2000). 115. See In re Sky Scientific, Inc., Securities Act Release No. 7372, 1996 SEC LEXIS 3421 (Dec. Winter 2006] COMBATING SPAM

Section 17(b) was "'particularly designed to meet the evils of the 'tipster sheet,' as well as articles in newspapers or periodicals that purport to 'give6 an unbiased opinion but which opinions in reality are bought and paid for."' The first Internet-related SEC enforcement action involving a spammer was SEC v. Samblis."t7 In Samblis, the Commission filed an action in federal district court alleging that self-professed stock picker Steven Samblis was passing himself off as an independent and impartial stock picker, when, in fact, he was nothing more than a paid pitch man for the companies he hyped." 8 Samblis "enthusiastically recommended the securities of certain publicly-traded companies without disclosing that he had been paid at least $20,000 to make these recommendations.""' 9 Additionally, "Samblis was paid to issue thousands of sparn e-mails over the ' 2 Internet regarding these same securities.' ' As a result of the Commission's action, Samblis and his corporation were permanently enjoined from future violations of Section 17(b) and jointly and severally ordered to pay a civil monetary penalty of $11,000.121 Unfortunately, the Samblis enforcement action seemed to have little impact on the unlawful touting associated early-on with securities-related spam. As the Internet evolved into an important investment tool, unlawful touting spread to every corner of the online community, resulting in a proliferation of span e-mail campaigns. The Enforcement Division began tracking down these online touters, bringing numerous actions against Section 17(b) violators between 1996 and 1998. Because unlawful online touting continued, the Division followed up with two Internet sweeps in October 1998 and February 1999.122 These coordinated roundups consisted of more than 25 enforcement actions against more than 50 individuals and companies that unlawfully touted over 250 publicly traded companies by "(1) lying about the companies; (2) lying about their own 'independence' from the companies; and/or (3) failing to disclose adequately the nature, source and amount of 12 3 compensation paid by the companies."' Many spainmers and other Internet touters attempted to comply with Section 17(b) by disclosing that they received compensation, or that they may trade in the shares of the touted stock. The Commission, however, targeted this type of partial disclosure and sent a clear message to spammers that they better follow the letter of the law or risk enforcement action. For example, in its 1998 action against promoter Francis Tribble and his public relations firm, the Commission alleged that through his firm, Tribble disseminated several million spare e-mails, designed and

16, 1996), available at http://sec.gov/litigation/admin/337372.txt; SEC v. Wall St. Publ'g, 851 F.2d 365,369 n.6 (D.C. Cir. 1988); Wenger, Securities Act Release No. 15707, 1998 SEC LEXIS 678 (Apr. 15, 1998), available at http://www.sec.gov/litigation/litreleases/lrI 5707.txt. 116. Wall St. Publ'g,851 F.2d at 369 n.6 (quoting H.R. REP. No. 73-85, at 24 (1933)). 117. Samblis, Securities Act Release No. 15609, 1998 SEC LEXIS 7 (Jan. 6, 1998), available at http://www.sec.gov/1itigation/litreleases/r15609.txt. 118. Id. 119. Id. 120. Id. 121. Id. 122. See SEC Press Release No. 98-117, supra note 10; SEC Press Release No. 99-24, supra note 12. 123. SEC Press Release No. 98-117, supra note 10. 286 UNIVERSITY OF TOLEDO LA W REVIEW [Vol. 37 maintained several Internet websites, and distributed an online investment newsletter, all recommending investment in the stocks of two issuers but failing to make "legally sufficient disclosure" of his compensation arrangements with those issuers. Without admitting or denying the allegations in the complaint, as is standard in the Commission's settlement agreements, Tribble and his firm consented to a permanent injunction from violating Section 17(b) and a civil penalty of $15,000. 124 Never before in its history has the Commission relied so heavily on Section 17(b) as an enforcement weapon. The Commission continues to routinely enforce Section 17(b), at times incorporating unlawful touting charges in actions against spammers participating in fraudulent online schemes.125 The Enforcement Division's 2002 administrative action against Rodona Garst, a participant in a major pump and dump scheme, further elucidates spammers' disclosure obligations under Section 17(b). That action indicates that spammers may need to disclose compensation for touts if paid by a2 6promoter because the promoter may be acting as a statutory underwriter. 1 In July 2002, the Enforcement Division instituted cease-and-desist proceedings against Garst and her direct marketing firm for their dissemination of large numbers of spain e-mails touting four stocks. 27 Promoter Mark Rice provided the messages, which contained allegedly false and misleading information about the companies' purported products, stock price projections, revenue sources and/or business relationships with third parties, and paid Garst $1,500 per million e-mail messages she sent. 12' The promoter claimed that many messages were misdirected "hot stock" tips intended for a friend of the sender, which is a favorite tactic used by spammers to add apparent credibility to their touts.'29 For example, one span read: "Hey Tom, I followed the advice of these guys last time with BUY and I did real well. I bought in at $1.58 and it went all the way to 4, I sold at 3 but I was real happy :). I think this one will pop too.' 130 Garst sold stock in three of the four companies after

124. See Tribble, Securities Act Release No. 15959, 1998 SEC LEXIS 2346 (Oct. 27, 1998), availableat http://www.sec.gov/1itigation/litreleases/ir15959.txt. 125. See Rice, Securities Act Release No. 17732, 2002 SEC LEXIS 2364 (Sept. 17, 2002), availableat http://www.sec.gov/litigation/litreleases/lrl 7732.htm; Garst, Securities Act Release No. 8161, Exchange Act Release No. 46987 (Dec. 11, 2000), available at http://www.sec.gov/litigation/admin/33-8161 .htm; Jones, Securities Act Release No. 18092,2003 SEC LEXIS 888 (Apr. 16, 2003), available at http://www.sec.gov/litigation/admin/33-8161.htm. 126. Garst, Securities Act Release No. 8161, Exchange Act Release No. 46987 (Dec. 11, 2002), availableat http://www.sec.gov/litigation/admin/33-8161 .htm; Garst, Securities Act Release No. 8113, Exchange Act Release No. 46246 (July 24,2002), availableat http://www.sec.gov/litigation/admin/33- 8113.htm. 127. Garst, Securities Act Release No. 8161, Exchange Act Release No. 46987 (Dec. 11, 2002), availableathttp://www.sec.gov/litigation/admin/33-816 l.htm; Garst, Securities Act Release No. 8113, Exchange Act Release No. 46246 (July 24,2002), availableat http://www.sec.gov/litigation/admin/33- 8113.htm. 128. Garst, Securities Act Release No. 8161, Exchange Act Release No. 46987 (Dec. 11, 2002), available at http://www.sec.gov/litigation/admin/33-8161.htm. 129. Id. 130. Premier Services Learns Pump-N-Dump and Insider Stock Trading, http://elias.rhi.hi.is/premier.cluelessfucks.con/Stock-Scammers/Pump-N-Dump.htm (last visited Sept. 15, 2005) [hereinafter Premier Services Pump-N-Dump]. Winter 2006] qOMBATING SPAM

disseminating the spam, for profits of $3,343,131 while Rice's trading profits from the scheme totaled over $900,000.132 The Commission brought an action against Rice for orchestrating and carrying out the pump and dump schemes to manipulate the price of four micro-cap companies.'33 Rice also used two associated companies to disguise his sales of unregistered stocks in three of the four schemes. 134 Because Rice obtained his shares of the companies' stock with the intent to distribute them to the public by selling into the inflated market he created, the Commission considered him a statutory underwriter and charged him with violating Section 5(a) and 5(c) in addition to violating the anti-fraud provisions of the Securities Act.' 35 In March 2002, the Southern District of Texas permanently enjoined Rice, based on his consent, from future violations of these provisions, as well as the anti-manipulation provisions of Regulation M and Rule 101.136 In September 2002, the court ordered Rice to repay his illegal trading profits of over $900,000 plus prejudgment interest of over $184,000 (Rice was held jointly and severally liable with two relief defendants for a portion of this amount plus interest).'37 In addition, the court ordered Rice to pay civil penalties of $440,000, representing an $110,000 3 penalty for each of the four companies whose stock he manipulated. 1 In its related administrative action, the Enforcement Division alleged that Garst violated Section 17(b) because the messages did not disclose the compensation Rice paid to Garst, and because Rice was a statutory underwriter. The Division alleged that Garst violated the anti-fraud provisions of the federal securities laws because she knew or was reckless in not knowing that statements in the spam were materially false or misleading. In a settled administrative action, the Division ordered Garst to cease and desist from committing or causing any violation and future violation of anti-fraud provisions or of Section 17(b), and to pay disgorgement plus prejudgment interest of $15,673.'3

2. Section 5

In conjunction with cases involving pump and dump schemes, the SEC has charged numerous promoters and micro cap companies with violating Section 5 of the Securities Act. Section 5(a) prohibits any person from selling a security in

131. Garst, Securities Act Release No. 8161, Exchange Act Release No. 46987 (Dec. 11, 2002), available at http://www.sec.gov/litigation/admin/33-8161.htm. 132. Rice, Securities Act Release No. 17414, 2002 SEC LEXIS 594 (Mar. 14, 2002), available at http://www.sec.gov/litigation/litreleases/Ir17414.htm. 133. Premier Services Pump-N-Dump, supra note 130. 134. Rice, Securities Act Release No. 17377, 2002 SEC LEXIS 434 (Feb. 25, 2002), available at http://www.sec.gov/litigation/iitreleases/Ir17377.htm. 135. Garst, Securities Act Release No. 8161, Exchange Act Release No. 46987 (Dec. 11, 2002), available at http://www.sec.gov/litigation/admin/33-8161.htm. 136. Rice, 2002 SEC LEXIS 594. 137. Id.; Rice, Exchange Act Release No. 17732, 2002 SEC LEXIS 2364 (Sept. 17, 2002), availableat http://www.sec.gov/litigation/litreleases/lr17732.htm. 138. Garst, Securities Act Release No. 8161, Exchange ActRelease No. 46987 (Dec. 11, 2002), availableat http://www.sec.gov/litigation/admin/33-8161 .htm. 139. Id. UNIVERSITY OF TOLEDO LAW REVIEW [Vol. 37 interstate commerce without an effective registration statement covering the security. 4 ' Further, Section 5(c) prohibits any offers to sell a security unless a registration statement for that security has been filed with the Commission. 4' Registration requires that a company provide important information about its finances and business to potential investors, and allows the Commission to review the company's disclosures. As Internet touting became increasingly popular, micro cap companies began paying stock promoters for their touts with shares of the companies' stock. After pumping up a company's stock price, the promoters sold the stock into the articifically inflated market they had created. Because promoters paid in stock rather than cash directly benefited from the extent to which their marketing efforts inflated the company's stock price, they were less likely to question any fraudulent statements provided by the company. To avoid the time and regulatory scrutiny involved in registering their offerings of securities to promoters, many companies provided promoters with purportedly "freely tradable" shares without properly registering the offerings. In October2003, the Enforcement Division instituted seven administrative proceedings against 31 public companies, stock promoters, and related individuals in a crackdown on these unregistered stock distribution schemes. 142 To circumvent registration requirements, some companies used circuitous means of delivering stock to the promoters, so that the promoters then could unload hundreds of thousands of shares on the investing public.' The Enforcement Division charged both the companies and promoters with violating Section 5 because the companies directly or indirectly sold unregistered, nonexempt stock to the promoters, and the promoters received those shares with the intent of distributing them to the public. As part of the sweep, the Enforcement Division brought an administrative action against promoter EquityAlert.com, Inc. and its parent company Innotech Corp. (together, "Equity Alert"), two principals of Equity Alert and Innotech, and T&G Inc. (hereinafter T&G) and Virilitec Industries (hereinafter Virilitec), two companies whose common stock traded on the OTC bulletin board.'44 The Division alleged that the respondents violated Section 5(a) and 5(c)'s registration requirements in connection with T&G and Virilitec's unregistered, non-exempt issuance of common stock to Equity Alert in exchange for Equity Alert's dissemination of e-mails promoting the respective companies.'45 Specifically, in exchange for promotional activities, T&G allegedly arranged for a third party to assign to Equity Alert a portion of a convertible note that was exercisable into the company's common stock. Equity Alert converted its interest in the note into 100,000 shares, and the third party provided Equity Alert with an opinion of counsel stating that the shares could be freely resold to the public. In the two days following Equity Alert's ensuing dissemination of a promotional e-mail,

140. 15 U.S.C. § 77e(a) (2000). 141. Id. § 77(c). 142. Stock Patrol, supra note 110; SEC Charges Internet Stock Promoters, supra note 111. 143. Stock Patrol, supra note 110. 144. EquityAlert.com, Securities Act Release No. 8306 (Oct. 23, 2003), available at http://sec.gov/litigation/admin/33-8306.htm. 145. Id. Winter 2006] COMBATING SPAM

the price of T&G's common stock rose 31% and the stock's average daily trading volume increased 16,000% over the preceding six months' average volume. Equity Alert sold the shares it had received the day after its e-mail campaign for $132,500. Similarly, in exchange for Equity Alert's promotional activities, Virilitec allegedly asked a long-time company shareholder to transfer $40,000 or a number of purportedly unrestricted shares of Virilitec stock to Equity Alert. During the two days after the e-mail campaign, Equity Alert disseminated a promotional e-mail resulting in a 3,000% increase in the average trading volume of Virilitec's stock. In the days following the e-mail campaign, Equity Alert began selling its Virilitec shares, ultimately grossing $38,870.146 The Division contended that, because Equity Alert obtained both the T&G and Virilitec stock from a person directly or indirectly controlling or controlled by the respective companies (or under direct or indirect common control with the respective companies), with a view to distributing the stock to the public, the issuances of the stock to Equity Alert were not exempt from registration.'47 Therefore, the issuers T&G and Virilitec violated Sections 5(a) and 5(c) of the Securities Act. Because the stock issuances to Equity Alert were not exempt from registration, the securities were restricted and could not be sold to the public within a year after they were acquired by Equity Alert.'48 Thus, Equity Alert also violated these registration provisions in dumping its stock on the public. The respondents consented to an administrative order requiring them to cease and desist from committing or causing any violations and future violations of Sections 5(a) and 5(c) of the Securities Act. Furthermore, Equity Alert was ordered to pay disgorgement of $171,370 plus prejudgment interest (although payment over $31,555 was waived based upon its sworn financial statement)."4 9 The October 2003 sweep demonstrates the Commission's ability to use its existing statutory provisions to combat companies and promoters' novel schemes. As in the action against Equity Alert, six other actions brought in the sweep resulted in orders requiring the companies, promoters, and associated entities to cease and desist from committing or causing any violations and any future violations of Sections 5(a) and 5(c) of the Securities Act, and requiring the promoters to pay disgorgement of any ill-gotten gains plus prejudgment interest.5 The Commission continues to crack down on promoters who unlawfully obtain unrestricted shares in conjunction with pump and dump scams. In addition to the sweep, the Commission brought several individual actions charging publicly-traded

146. Id. 147. Id. 148. Id. 149. Id. 150. Research Capital, LLC, Securities Act Release No. 8309 (Oct. 23, 2003), available at http://www.sec.gov/litigation/admin/33-8309.htm; First Capital Int'l, Securities Act Release No. 83 10 (Oct. 23, 2003), available at http://www.sec.gov/litigation/admin/33-8310.htm; Energy & Engine Tech. Corp., Securities Act Release No. 8311 (Oct. 23, 2003), available at http://www.sec.gov/litigation/admin/33-831 l.htm; Lorsin, Inc., Securities Act Release No. 250 (May 11, 2004), availableat http://www.sec.gov/litigation/aljdec/id250rgm.pdf; Research Inv. Group, Inc., Securities Act Release No. 8387 (Feb. 17, 2004), availableat http://www. sec.gov/litigation/admin/33- 8387.htm; OTC Live, Inc., Securities Act Release No. 261 (Sept. 30, 2004), available at http://www.sec.gov/litigation/aljdec/id261lam.pdf. 290 UNIVERSITY OF TOLEDO LAW REVIEW [Vol. 37 companies and promoters with violating both the anti-fraud and registration provisions of the federal securities laws in connection with pump and dump schemes. 5' Recently, the Commission took a more proactive approach to combating pump and dump schemes than ever before. In January 2005, the Commission suspended trading in the securities of two companies whose respective securities appeared ripe for potential manipulation. The Commission suspended trading in the two companies in light of the following factors: (1) the companies had not made any public filings with the Commission or the NASD; (2) their respective securities were traded on the Pink Sheets (thus, little publicly available information existed concerning these entities); (3) questions were raised concerning the companies' reliance on Rule 504 of Regulation D of the Securities Act in conducting distributions of their respective securities without complying with Regulation D's resale restrictions; and (4) both companies recently had been the subject of spain e-mail touting the companies' shares.'52 In both instances, the Commission suspended trading for a full ten business days,'53 under Exchange Act Section 12(k)(1)(A), which authorizes the Commission to summarily suspend trading in a security for a period not exceeding ten business days "[i]f in its opinion the public interest and the protection of investors so require."' ' 4 In exercising this powerful right, the Commission remains mindful of the Supreme Court's words in SEC v. Sloan: "[T]he power to summarily suspend trading in a security even for 10 days, without any notice, opportunity to be heard, or findings based upon a record, is an awesome power with a potentially devastating impact on the issuer, its shareholders, and other investors.' In its news releases announcing these trading suspensions, the Commission cautioned that following a ten-day trading suspension, a broker or dealer cannot publish a quotation on the issuer's stock unless it has strictly complied with all of the provisions of Exchange Act Rule 15c2-1 1.156 This rule prohibits broker-dealers from quoting the securities without obtaining certain detailed information regarding the issuer. Moreover, the rule requires that based on a review of that information, the broker-dealer has a reasonable basis for believing that the information is accurate in material respects and that the sources of the information are reliable. The Commission further warned that it would consider the need for prompt

151. See Custable, Exchange Act Release No. 18057, 2003 SEC LEXIS 756 (Mar. 31, 2003), available at http://www.sec.gov/litigation/litreleases/Ir18057.htm; Rice, Securities Act Release No. 17377, 2002 SEC LEXIS 434 (Feb. 25, 2002), availableat http://www.sec.gov/litigation/litreleases/ lr17732.htm. 152. See Courtside Prods., Securities Act Release No. 51087 (Jan. 28, 2005), available at http://www.sec.gov/litigation/suspensions/34-51087-o.pdf; Commanche Props., Securities Act Release No. 51105 (Jan. 31, 2005), availableat http://www.sec.gov/1itigation/suspensions/34-51105-o.pdf. 153. See Courtside Prods., Securities Act Release No. 51087 (Jan. 28, 2005), available at http://www.sec.gov/litigation/suspensions/34-51087-o.pdf; Commanche Props., Securities Act Release No. 51105 (Jan. 31, 2005), availableat http://www.sec.gov/litigation/suspensions/34-51105-o.pdf. 154. 15 U.S.C. § 781k(l)(A) (2000). 155. 436 U.S. 103, 112 (1978). 156. See Courtside Prods., Securities Act Release No. 51087 (Jan. 28, 2005), available at http://www.sec.gov/litigation/suspensions/34-51087-o.pdf; Commanche Props., Securities Act Release No. 51105 (Jan. 31, 2005), availableat http://www.sec. gov/litigation/suspensions/34-5 1105-o.pdf. Winter 2006] COMBA T1NG SPAM

enforcement action should any broker-dealer enter a quotation in violation of the rule. 157 Therefore, by suspending trading, the Commission sent a strong message to the investment community that it should think twice before investing or making a market in these securities, because little public information existed concerning the issuers, and the securities appeared vulnerable to a potential pump and dump scheme. Additionally, any promoter, broker-dealer, or other party who initially intended to participate in a pump and dump with respect to these securities, or otherwise was willing to look the other way in exchange for compensation in shares or cash, had notice of the Commission's close attention to these offerings. Hopefully, this novel approach will chill future deceptive activities contemplated with respect to these securities. The Commission also brought a number of actions against spammers who, as opposed to assisting a third party issuer, orchestrated their own fraudulent offerings. In May 2003, for example, the Division charged twenty-year-old Kentucky resident K.C. Smith with fraudulently raising $203,554 from unwitting investors by falsely guaranteeing double-digit monthly returns on two websites and in approximately nine million spain e-mail messages. "8' Smith offered two fictitious investment opportunities, one in a fictitious investment company called Kryer Financial (hereinafter Kryer). Smith advertised Kryer's double-digit returns as insured by the "United States Deposit Insurance Corporation" (USDIC). In truth, the USDIC was an entirely fictitious government entity for which the enterprising Smith created a separate website featuring the Commission's official seal and claiming that investments through Kryer were fully insured against loss. Without admitting or denying the Commission's allegations, Smith consented to an order requiring him to pay $107,510 in disgorgement and pre-judgment interest and enjoining him from future violations of the anti-fraud provisions of the federal securities laws.'59 The U.S. Attorney's offices for the Eastern District of Tennessee and the Eastern District of Virginia both brought a criminal charge against Smith based on the same conduct. 60 After Smith pled guilty to two felony informations charging securities fraud, the court sentenced Smith to fourteen months imprisonment and three years supervised release and ordered him to pay $75,230 in restitution.' 6'

157. See Courtside Prods., Securities Act Release No. 51087 (Jan. 28, 2005), available at http://www.sec.gov/litigation/suspensions/34-51087-o.pdf; Commanche Props., Securities Act Release No. 51105 (Jan. 31, 2005), available at http://www.sec.gov/litigation/suspensions/34-51105-o.pdf. 158. Smith, Securities Act Release No. 18397, 2003 SEC LEXIS 2379 (Oct. 7,2003), available at http://www.sec.gov/litigation/litreleases/ilr18397.htm. See also New World Web Vision.com, Securities Act Release No. 17442, 2002 SEC LEXIS 758 (Mar. 27, 2002), available at http://www.sec.gov/litigation/litreleases/lr17442.htm. 159. Smith, Securities Act Release No. 18397, 2003 SEC LEXIS 2379 (Oct. 7, 2003), available at http://www.sec.gov/litigation/litreleases/lrl8397.htm. 160. Id. 161. Id. This action also demonstrates how the Enforcement Division communicates effectively with criminal authorities in appropriate instances to bring serious securities violators, including fraudulent spammers, to justice. The Division is able to share much of its securities expertise and investigative results with criminal authorities interested in prosecuting the defendant for the same underlying conduct. As the Department of Justice as well as state criminal authorities have become increasingly burdened in recent years with terrorism concerns, the Commission's expertise in this UNIVERSITY OF TOLEDO LA W REVIEW [Vol. 37

3. Section 15

Given that the Internet provides access to a seemingly boundless number of potential investors, it should be no surprise that many companies try to raise money through online securities offerings. However, spammers hired to conduct issuers' spam solicitations may be acting as unregistered broker-dealers under Section 15(a) of the Exchange Act. Section 15(a)(1) of the Exchange Act prohibits any broker from effecting, inducing, or attempting to induce the purchase or sale of securities unless that broker is registered in accordance with the provisions of Section 15(b) of the Exchange Act.'62 The term "broker" is defined by Section 3(a)(4) of the Exchange Act to include any person "engaged in the business of effecting transactions in securities for the account of others."'63 In addition, if the offering is not registered with the Commission, it may violate Section 5 of the Securities Act because most registration exemptions do not apply to "general solicitations" such as spam solicitations.' 64 Spanmers sending spam solicitations also may be held liable for any fraudulent solicitation statements, if a court determines that they knew or were reckless in not knowing that the statements were materially false or misleading.165 In May 2002, the Commission brought an emergency action against U.S. Funding Corporation (hereinafter U.S. Funding) and its president, Angelica Gwinnett, charging them with defrauding investors out of at least $2 million in an offering fraud perpetrated via spam e-mails.'66 The complaint alleged that Gwinnett hired Florida-based telemarketing firm Capital Concepts Marketing and its president, Charles Fremer, to solicit investors in U.S. Funding's accounts receivable factoring business.'67 By contracting with third party spammers, Fremer and his firm sent potential investors e-mail spam typically advertising profits of 25% over two years. 6' Individuals who responded to the spam received follow-up materials featuring false statements about how long the company had been in business, as well as its purportedly substantial assets and revenue. Allegedly, the investors were not informed that Gwinnett diverted so much of the money to herself and telemarketers (at least 35% to telemarketers alone), or that it was impossible for investors to recover their principal, much less earn the promised returns.'69 The U.S. District Court for the District of New Jersey granted the Commission's motion for summary judgment against Fremer and his telemarketing firm, permanently enjoining them from acting as an unregistered broker-dealer in regard may be even more important. 162. 15 U.S.C. § 78o (2000). 163. Id. § 78c. 164. See Section 502(c) of Regulation D of the Securities Act, 17 C.F.R. § 230.502(c). 165. See, e.g., Spray, Exchange Act Release No. 17721, 2002 SEC LEXIS 2319 (Sept. 11,2002), available at http://www.sec.gov/litigation/Iitreleases/lr17721.htm. 166. U.S. Funding Corp., Securities Act Release No. 17503, 2002 SEC LEXIS 1188, at *1(May 3, 2002), available at http://www.sec.gov/litigationlitreleases/lr1 7503.htm. 167. SEC v. U.S. Funding Corp., Civ. No. 02-2089 (KSH) (D.N.J. May 1, 2002), available at http://www.sec.gov/litigation/complaints/complr17503.htm. 168. U.S. Funding Corp., 2002 SEC LEXIS 1188, at *1. 169. Id. Winter 2006] COMBATING SPAM violation of Section 15(a) and with conducting an unregistered securities offering in violation of Section 5 (the Commission did not bring fraud charges against Fremer or the firm). In determining if an individual acted as a broker, the relevant factors include whether that person: (1) received commissions as opposed to a salary; (2) is selling, or previously sold, the securities of other issuers; (3) is involved in negotiations between the issuer and the investor; (4) makes valuations as to the merits of the investment or gives advice; and (5) is an active rather than passive finder of investors. 7 Fremer and his firm actively solicited investors via spam e-mails and received 35% of the proceeds raised, a form of transaction-based compensation. Thus, the court ordered Fremer and his firm to pay, jointly and severally, disgorgement and prejudgment interest totaling almost $580,000, plus a penalty of $50,000.'' In addition, the U.S. District Court for the District of New Jersey entered a temporary restraining order and subsequent preliminary injunction enjoining U.S. Funding and Gwinnett from further antifraud violations and freezing their assets.'72 The court also appointed a receiver over U.S. Funding'7 3 and issued a civil contempt order against Gwinnett for violating the earlier asset freeze order by cashing an investor check and continuing to spend investor funds following the order.'74 Meanwhile, the U.S. Attorney for the District of New Jersey arrested Gwinnett for the misconduct previously charged by the Commission.'75 Gwinnett pled guilty in the related criminal proceeding to mail fraud and tax 76 evasion, and is awaiting sentencing. As the overarching regulator of domestic securities markets, the Commission is uniquely situated to investigate and bring actions against registered persons and entities that violate the federal securities laws. In fact, as discussed below, the Enforcement Division has brought several actions against "rogue brokers" who orchestrated offering frauds via massive spain campaigns. In October 2002, the Commission brought an administrative action against John McCamey, a principal and registered representative with Columbus, Ohio-based broker-dealer Sierra Brokerage Services, Inc., for conducting a fraudulent, unregistered offering of interests in a hedge fund he had established called Sierra Equity Partners, L.P. (Sierra Equity).'7 McCamey solicited investment in the fund

170. SEC v. Hansen, 1984 U.S. Dist. LEXIS 17835, at *26 (S.D.N.Y. Apr. 6, 1984) (citing NICHOLAS WOLFSON, RICHARD M. PHILLIPS & THOMAs A Russo, REGULATION OF BROKERS, DEALERS AND SECURITIES MARKETS § 1.06, at 1-12 (1st ed. 1977)). The receipt of transaction-based compensation is further indication that a person is "engaged in the business." See generally David A. Lipton, A Primer on Broker-DealerRegistration, 36 CATH. U. L. REv. 889, 914 (1987) (noting that "Commission compensation is a hallmark of a broker-customer relationship and demonstrates success in effecting transactions for the account of others"). 171. U.S. Funding Corp., Securities Act Release No. 19173 (Apr. 6, 2005), available at http://www.sec.gov/litigation/litreleases/lr19173.htm. 172. Id. 173. Id. 174. U.S. Funding Corp., Securities Act Release No. 18365, 2003 SEC LEXIS 2272 (Sept. 26, 2003), availableat http://www.sec.gov/litigation/litreleases/lrl8365.htm. 175. Id. 176. United States v. Gwinnett, Criminal Action No. 03-638 (KSH) (D.N.J. Sept. 11, 2003). 177. McCamey& SierraEquity Partners, Securities Act Release No. 8137,2002 SEC LEXIS 2567 UNIVERSITY OF TOLEDO LAWREVIEW [Vol. 37 by sending letters to the firm's clients, advertising on the firm's website, and disseminating thousands of spam e-mails. 78 He also made false and misleading statements about the safety of the investment and its anticipated return, stating on the firm's website, for instance, that the fund "has historically provided returns between 15% and 50% annualized, yet remains 100% government secured."'79 In June 2003, an administrative law judge (ALJ)ordered McCamey and Sierra Equity to cease and desist from violating the registration and anti-fraud provisions of the federal securities laws, and ordered McCamey to pay a $60,000 civil penalty. 8 ' Because McCamey had no prior history of violating the securities laws and because he only collected from one investor to whom he returned the $10,000, the ALJ determined that no greater penalty was warranted. Finally, under the Commission's authority pursuant to Section 15(b), McCamey was barred permanently from being associated with any broker or dealer.'' In July 2003, the Commission brought an action in federal district court charging several individuals, including one registered representative and the parent company of a broker-dealer, with raising $1.1 million through the fraudulent offer and sale of purported private placement shares in the parent company." 2 Discover Capital Holdings Corporation (Discover), based in Uniondale, New York, wholly owned its subsidiary broker-dealer Indianapolis Securities. Discover's owners-Eli Dinov, his brother Ari Dinov, and David Rubinov-solicited investment in Discover's preferred shares by sending bulk spam e-mails to the general public.1 3 In a unique twist to the modem-day online offering fraud, the defendants also utilized traditional boiler room techniques, such as misleading, high pressure cold-calls, and at-home sales calls aimed at retirees.' The defendants created and supported the public market for Discover's common shares, which traded on the pink sheets, thus creating an artificial price highlighted for potential investors (the preferred shares offered in the supposed private placement were convertible to common stock).'85 The defendants concealed material information from investors, such as one of the Dinov brother's disciplinary history with the National Association of Securities Dealers (NASD) and that the price of Discover's stock was largely attributable to secretly choreographed sales to unwitting retail customers of Discover's subsidiary Indianapolis Securities at inflated prices. Amongst numerous false and misleading

(Oct. 8, 2002), available at http://www.sec.gov/litigation/admin/33-8137.htm. 178. Id. 179. Id. at * 1-2, 6. 180. McCamey& Sierra Equity Partners, Securities Act Release No. 8254,2003 SEC LEXIS 1436 (July 18, 2003), available at http://www.sec.gov/litigation/aljdec/id230rgm.htm. 181. Id. 182. Discover Capital Holdings Corp., Securities Act Release No. 18222,2003 SEC LEXIS 1617 (July 10, 2003), available at http://www.sec.gov/litigation/litreleases/Irl8222.htm. 183. Id. 184. Id.Additionally, the defendants even placed an advertisement in the Wall Street Journal in furtherance of their alleged fraud. The advertisement stated, "Will Buy Your Broker/Dealer & Assets Under Management. Publicly held fin'l services holding corp. is aggressively acquiring fin'l services co's. Mainly securities broker/dealers & client accts.... www.discovercapitalholdings.com." WillBuy Your Broker/Dealer& Assets under Management, WALL ST. J., Mar. 20, 2003, at D4. 185. Discover Capital Holdings Corp., 2003 SEC LEXIS 1617. Winter 2006] COMBATING SPAM

statements to potential investors, the defendants claimed that purchasers 1of6 Discover's preferred stock effectively would make a 150% instantaneous profit. The Commission obtained emergency orders in July 2003 from the U.S. District Court for the District of Columbia to halt the defendants' fraudulent activities and to freeze over $1.1 million of the assets of Discover and Indianapolis Securities and the owners' personal and business assets."8 7 Several months later, Indianapolis Securities ceased operations. In March 2004, Rubinov consented to a final judgment ordering him and his consulting business to pay $362,000 in disgorgement and prejudgment interest, plus a $100,000 civil penalty, and permanently enjoining Rubinov and his business from violations of the anti-fraud and registration provisions of the federal securities laws.8l 8 In a related administrative proceeding, Rubinov also consented18 9to an order barring him from associating with any broker or dealer in the future. In November 2004, Discover Capital and the Dinov brothers consented to final judgments ordering them to pay over $700,000 in disgorgement, penalties and prejudgment interest, including a $120,00 penalty against Ari Dinov, plus officer and director bars against the Dinov brothers (the latter barring either from acting as an officer or director of a public company)." Discover, Indianapolis, and the Dinov brothers also consented to being permanently enjoined from violating the anti-fraud and registration provisions of the federal securities laws.'9' In related administrative proceedings, both brothers consented to permanent broker-dealer bars. The breadth of the relief obtained in the Discover Capital case, including officer and director and broker-dealer bars, demonstrates the myriad of tools at the Commission's disposal in its mission to protect investors against spammers.

4. The Anti-FraudProvisions

As described above, the Commission has brought targeted actions against spammers involved in fraudulent offerings. In addition, the Commission has focused its efforts on combating spanmers participating at all levels in a variety of pump and dump schemes, both simple and complex.

i. The simple pump and dump campaign

During the past several years, fraudsters have used span to perpetrate many of their pump and dump schemes. In the "simple" pump and dump scheme, the

186. Id. 187. Rubinov, Exchange Act Release No. 46158 (July 2, 2002), available at http://www.sec.gov/litigation/admin/34-46158.htm; Discover Capital Holdings Corp., Securities Act Release No. 18639, 2004 SEC LEXIS 671 (Mar. 25, 2004), available at http://www.sec.gov/litigation/itreleases/lr18639.htm. 188. Discover Capital Holdings Corp., 2004 SEC LEXIS 671. 189. Rubinov, Exchange Act Release No. 46158 (July 2, 2002), available at http://www.sec.gov/iitigation/admin/34-46158.htm. 190. Discover Capital Holdings, Securities Act Release No. 18988,2004 SEC LEXIS 2827 (Dec. 1, 2004), available at http://www.sec.gov/litigation/litreleases/lrl8988.htm. 191. Id. UNIVERSITY OF TOLEDO LA WREVIEW [Vol. 37 spammer himself clearly orchestrates the fraud, as opposed to disseminating e-mails prepared and presented to the spammer by the main fraudsters and/or an intermediary promoter. Although spammers orchestrating their own scams have employed a surprising variety of pump and dump techniques, the Enforcement Division has kept in step with their evolving tactics. In SEC v. James Sheret,Jr. and Glenn E. Conley, the Division charged promoters Sheret and Conley with sending thousands of fraudulent span e-mails about dozens of penny stock investments to AOL users.'92 Sheret and Conley created the false impression that AOL had endorsed the messages by sending the messages under the banner "AOL Investment Snapshot." The defendants also drafted some of the e- mails to appear "misdirected," as if the sender intended to send a personal e-mail relaying a stock tip to a friend. Finally, certain e-mails highlighted the stocks' recent price increases without disclosing that the increases were due in large part to Sheret and Conley's recent stock purchases. All in all, Sheret and Conley allegedly manipulated the stock prices of 57 thinly-traded stocks and made profits of almost $340,000 by selling their personal holdings in the stocks immediately after sending the fraudulent spam.'9 3 In February 2000, the Commission filed its civil suit, which resulted in the defendants' consenting to permanent injunctions against Sheret and Conley barring further violations of the federal securities laws' anti-fraud provisions, disgorgement of $378,037 and a penalty of $110,000 against Sheret, and disgorgement of $458,965 against Conley (all but $209,253 of the latter disgorgement was waived and no penalties were imposed against Conley due to his demonstrated inability to pay those amounts). 94 .In August 2000, the U.S. Attorney for the Southern District of New York filed separate actions against the two defendants based on the same conduct, charging that they conspired to commit and committed securities fraud.' 95 In the criminal case, the court entered a final judgment against Conley in February 2003, sentencing him to twenty-seven months imprisonment followed by thirty-six months supervised release. 96 In November 2004, the court sentenced Sheret to four years probation and concurrent supervised release plus ordered him to pay approximately $73,000 in restitution.' 97 Sheret presents another example of how the Commission and criminal authorities coordinate parallel actions resulting in additional sanctions and as an even greater deterrent to investment-related fraud pertaining to spam. The Commission often works in concert with civil and criminal, domestic and international authorities to bring fraudsters to justice. In the context of another spain-related pump and dump scheme, for instance, the Commission and its

192. Sheret & Conley, Exchange Act Release No. 16451, 2000 SEC LEXIS 313 (Feb. 24, 2000), available at http://www.sec.gov/litigation/Iitreleases/Ir16451.htm. 193. Id. 194. Id.; Sheret& Conley, Exchange Act Release No. 17133, 2001 SEC LEXIS 1871 (Sept. 18, 2001), available at http://www.sec.gov/litigation/litreleases/lr17133.htm; Sheret & Conley, Exchange ActRelease No. 17351,2002 SEC LEXIS 274 (Feb. 5,2002), http://www.sec.gov/litigation/itreleases/ lr17351htm. 195. United States v. Conley, 1:00ocr00816-DAB (S.D.N.Y. Aug. 3,2000) (slip op.); United States v. Sheret, 1:00-cr-00864-JGK (S.D.N.Y. Aug. 17, 2000) (slip op.). 196. Conley, 1:00cr00816-DAB (slip op.) 197. Sheret, 1:00-cr-00864-JGK (slip op.). Winter 2006] COMBATING SPAM

Australian counterpart worked together to investigate and bring parallel actions against two Australian residents for sending between six and seven million spain e- mails and posting messages on Internet bulletin boards touting the stock Rentech, Inc., a Nasdaq-traded company."' The messages, seemingly drafted by analysts, caused the company's stock price to double and trading volume to skyrocket by 1600% before Nasdaq halted trading. 99 In September 2000, the Australian spammers, Stephen Hourmouzis and Wayne Loughman, were permanently enjoined from violating the federal securities laws' anti-fraud provisions and ordered to disgorge their trading profits of over $14,000 plus prejudgment interest. 00 Several months later, the Australian Securities and Investments Commission (ASIC) filed nineteen criminal charges against Hourmouzis and Loughman based on the same behavior charged by the Commission.2 1 Hourmouzis was sentenced to two years in prison in 2000 (all but three months of his sentence was later suspended), and Loughman was given a suspended two-year sentence in May 2001 .202 By communicating throughout their parallel investigations, both the Commission and ASIC were "able to obtain important information that contributed to the other's investigation.... [W]ithout this cooperation, it is likely that neither authority's action would have been possible. 2 3 To raise a target company's stock price and to begin phase one of a pump and dump scheme, spammers use numerous innovative tactics in addition to those previously mentioned. Much depends on the level of the spammer's expertise; for example, professional spammer Samuel Aaron Meltzer allegedly created an intricate network of websites and fake identities to create the false impression that many independent analysts were recommending the stocks he was touting. 204 Namely, Meltzer allegedly set up multiple investment-related websites (all ostensibly independent of one another), assumed many different Internet "identities" including various domain and business names, and sent millions of spam e-mails containing links to his promotional websites to potential investors.2 5 In its February 2003 complaint against Meltzer, the Commission alleged that he received nearly $160,000 in stock and cash for fraudulently touting the stocks of at least twelve penny stock issuers. 2°6 The complaint further alleged that Meltzer falsely presented his stock picks as the product of his own investment analysis,

198. Hourmouzis, Exchange Act Release No. 16532, 2000 SEC LEXIS 861 (May 1, 2000), availableat http://www.sec.gov/litigation/litreleases/lrl6532.htm; Hourmouzis, Exchange Act Release No. 16535, 2000 SEC LEXIS 887 (May 3, 2000), available at http://www.sec.gov/litigation/litreleases/lr16535.htm. 199. Hourmouzis, 2000 SEC LEXIS 861; Hourmouzis, 2000 SEC LEXIS 887. 200. Hourmouzis, Exchange Act Release No. 16705, 2000 SEC LEXIS 1939 (Sept. 15, 2000), available at http://www.sec.gov/litigation/litreleases/lrl6705.htm. 201. Hourmouzis, 2000 SEC LEXIS 887. 202. Adam Creed, Stock FraudSpammer Gets Suspended Jail Sentence, NEWSBYTES, May 23, 2001, available at LEXIS, News & Business, News, All. 203. Felice B. Friedman et al., Taking Stock of Information Sharing in Securities Enforcement Matters, 10 J.FIN. CRIME 35, 48 (July 2002). 204. Meltzer, Securities Act Release No. 17985, 2000 SEC LEXIS 392 (Feb. 19,2003), available at http://www.sec.gov/litigation/litreleases/lr17985.htm. 205. Id. 206. Id. UNIVERSITY OF TOLEDO LAW REVIEW [Vol. 37 purportedly based exclusively on his review of public filings and interviews of companies' management. The Commission alleged, however, that Meltzer did not conduct any due diligence, research, or analysis, but merely published statements provided to him by the promoters who hired him. In its ongoing litigation against Meltzer, the Division is seeking disgorgement, civil penalties, a penny stock bar, and permanent injunctions for Meltzer's fraudulent conduct.2"7 In another innovative twist to the pump and dump scheme, the Commission filed an action against a group of stock promoters based in Hicksville, New York who, according to the Commission, secretly owned and controlled the company that it was touting, Spectrum Brands Corp. (Spectrum).2 ' The Commission alleged that the undisclosed principals included several convicted felons, a fact supposedly hidden from the investing public. Spectrum advertised that it held the rights to a hand-held device which the company advertised in press releases and in spain e- mails as capable of preventing anthrax. In its complaint, the Commission alleged that the hand-held device was little more than an ultra-violet flashlight incapable of preventing anthrax. Specifically, the Commission brought charges against the actual owners of Spectrum, a "straw man" who allegedly falsely portrayed himself as being in charge of the company, and a lawyer who helped the company file a Form 8-K misrepresenting the company's ownership. 209 A federal district court entered a default judgment against two of the promoters, permanently enjoining them from future violations of the federal securities laws' anti-fraud provisions and ordering them to pay disgorgement and civil penalties in amounts yet to be determined by the court. Meanwhile, the Division filed administrative actions against these promoters seeking penny stock bars. Also, in a settled action, the lawyer consented to a permanent injunction from violating the anti-fraud provisions of the Exchange Act, and were ordered to pay disgorgement and prejudgment interest of a combined total of $1,092 and a civil penalty of $25,000, and received a permanent suspension from practicing law before the Commission (pursuant to Rule 102(e)(3)(I) of the Commission's Rules of Practice).210 Although spain generally refers to unsolicited bulk e-mail, the term is increasingly used to describe unsolicited, bulk fax messages (i.e., "spam" faxes) as well as unsolicited messages posted in mass over online bulletin boards (i.e., "spare" bulletin board postings). While perpetrators of pump and dump schemes utilize these alternative types of sparn in their never-ending quest to reach potential investors, the Commission is equally capable of tracking down and bringing actions against the individuals behind these spain campaigns."'

207. Id. 208. Spectrum Brands Corp., Securities Act Release No. 17265, 2001 SEC LEXIS 2572 (Dec. 11, 2001), available at http://www.sec.gov/litigationlitreleases/Ir17265.htm; Cassandro, Exchange Act Release No. 18909, 2004 SEC LEXIS 2251 (Sept. 29, 2004), available at http://www.sec.gov/litigation/litreleases/Ir18909.htm. 209. Spectrum Brands Corp., 2001 SEC LEXIS 2572; Cassandro, 2004 SEC LEXIS 2251. 210. Cassandro, Exchange Act Release No. 19016, 2004 SEC LEXIS 3061 (Dec. 28, 2004), availableat http://www.sec.gov/1itigation/litreleases/Ir19016.htm. 211. See, e.g., Thomassen, Securities Act Release No. 18690, 2004 SEC LEXIS 927 (May 4, 2004), available at http://www.sec.gov/itigation/litreleases/lr18690.htm (Thomassen used both Winter 2006] COMBA TING SPAM

ii. The pump and dump scheme

The previously described pump and dump cases are relatively simple scams because the frauds were conducted mainly by the spammers themselves. Frequently though, the persons actually sending span are only one facet of a multi-level scam involving several categories of participants. Company insiders, major shareholders, promoters, and various intermediaries may all be involved in a pump and dump fraud. Oftentimes, it may be difficult in these cases to determine the extent to which different "players" in the scam knew or were reckless in not knowing about the underlying fraud. The Commission has taken an aggressive but equitable approach in tackling all levels of these frauds, and in determining the appropriate violations to charge against various participants. A common version of the multi-level pump and dump involves a spammer who works directly with one or more corporate insiders or the major shareholders who are orchestrating the pump and dump scheme. For instance, the Commission filed an action in April 2003 seeking injunctive relief in connection with a multi-level pump and dump involving the stock of Freedom Golf Corporation. The Commission charged the following persons and entities with securities fraud in that matter: Freedom Golf; Freedom Golfs president, Gaylen "John" Johnson; major shareholder Timothy Miles; promoters Carter12 Allen Jones and Jonathan Curshen; and Jones' firm, C. Jones & Company. The Commission alleged that between late January and March 2000, Miles paid both promoters to hype Freedom Golf's stock mainly over the Internet, as well as by telephone and regular mail. Jones allegedly arranged for the dissemination of between 25 and 35 million spain e-mails touting the stock in February 2000 alone. According to the complaint, during the same time frame, Johnson created baseless profit, revenue, and expense projections that Jones published on his website and Curshen published on an online message board. Jones and Curshen also allegedly failed to disclose the full amount Miles was paying them to tout Freedom Golf s shares in violation of Section 17(b) of the Securities Act. During the manipulation, Jones, Miles, and Curshen allegedly sold their shares at artificially inflated prices, 13 collectively reaping profits of over $500,000.2 In addition, the Enforcement Division filed an administrative action that resulted in the revocation of Freedom Golf's registration pursuant to Section 12(j) of the

fraudulent e-mail spams as well as fraudulent posts on Silicon Investor and Raging Bull message boards to tout the stock of at least nine micro cap companies). See also Tel-One, Inc., Securities Act Release No. 17337, 2002 SEC LEXIS 190 (Jan. 24, 2002), available at http://www.sec.gov/litigation/litreleases/lrl 7337.htm (spare faxes consisting of single-sheet stout touts used by spammer in pump and dump scheme); Spray, Exchange Act Release No. 17721, 2002 SEC LEXIS 2319 (Sept. 11,2002), availableat http://www.sec.gov/litigation/litreleases/Ir17721 .htm (stock tout "newsletters" sent via spam faxes were predominant method used to inflate stock price in pump and dump scheme). 212. Jones & Co., Securities Act Release No. 18092, 2003 SEC LEXIS 888 (Apr. 16, 2003), available at http://www.sec.gov/litigation/litreleases/lrl8092.htm. 213. Id. UNIVERSITY OF TOLEDO LAW REVIEW [Vol. 37

Exchange Act, thus ceasing all public offerings of the company's stock.214 Johnson, the company president, settled to a permanent injunction for his violation of the anti-fraud provisions of the federal securities laws and was barred from future participation in the offering of penny stocks (i.e., a "penny stock bar").215 The court waived civil penalties against Johnson due to his financial condition. Jones and his firm also received permanent injunctions and penny stock bars for their roles in the fraud, however, the court has not yet ruled on the Commission's motion for disgorgement, prejudgment interest, and a penalty against Jones. 16 Similarly, the Commission's action against Curshen and Miles remains in litigation. Although the extent of the court's relief is undetermined, this case demonstrates the Commission's tenacity in pursuing all levels of these schemes, as well as the broad variety of relief available to the Commission. In January 2002, the Commission targeted a similar multi-level pump and dump scheme, orchestrated by the president and major shareholders of the touted company. The Commission charged in its complaint that the company, Tampa- based Tel-One, Inc., its president W. Kris Brown, and major shareholders George Carapella and Alan Lipstein used Tampa-based stock promoter Media Broadcast Solutions, Inc., owned by George LaFauci, to place fraudulent advertisements in local and national newspapers (including the Wall Street Journal), and to send newsletters touting the company's stock to prospective investors via spain faxes. 217 According to the complaint, although LaFauci owned Media Broadcast, his cousin Carapella, and Lipstein effectively controlled the entity, and used it solely to promote companies with which they were affiliated. The investment "newsletters" were distributed under the titles "Wall Street Examiner" and "The Stock Bulletin." Carapella and Lipstein sold hundreds of thousands of shares after driving up the price of Tel-One's stock via Media Broadcast. 8 The Commission's action resulted in permanent injunctions from future violations of the antifraud provisions against all of the defendants, including Tel- One, Brown, Carapella, Lipstein, LaFauci, and Media Broadcast.21 9 Shareholders Carapella and Brown were each ordered to disgorge over $900,000 in profits from the scheme, plus prejudgment interest, and to pay civil penalties of $75,000 and

214. Freedom Golf Corp., Exchange Act Release No. 227 (May 15, 2003), available at http://www.sec.gov/litigation/aljdec/id227cff.htm. See also Freedom Golf Corp., Exchange Act Release No. 47636 (Apr. 7, 2003), available at http://www.sec.gov/litigation/admin/34-47636.htm; Freedom Golf Corp., Exchange Act Release No. 48009, available at http://www.sec.gov/litigation/aljdec/id227cfffo.htm (June 10, 2003). 215. Judgment ofPermanent Injunction and Other Reliefagainst Gaylen P. Johnson, Jan. 22, 2004, SEC v. C. Jones & Company et al., Case No. 1:03-cv-00636-WDM-PAC (D. Colo. 2003). 216. Order of Default Judgment of Permanent Injunction and Other Relief against Defendants C. Jones & Co. and Carter Allen Jones, Jan. 22, 2004, SEC v. C. Jones & Company et al., Case No. 1:03- cv-00636-WDM-PAC (D. Colo. 2003). 217. Tel-One, Inc., Securities Act Release No. 17337, 2002 SEC LEXIS 190 (Jan. 24, 2002), available at http://www.sec.gov/litigation/litreleases/Ir17337.htm. 218. Id. 219. Id.; Spray, Exchange Act Release No. 17615, 2002 SEC LEXIS 1801 (July 15, 2002), available at http://www.sec.gov/litigation/litreleases/lr17615.htm; Tel-One, Inc., Securities Act Release No. 18272, 2003 SEC LEXIS 1866 (Aug. 6, 2003), available at http://www.sec.gov/litigation/Iitreleases/lr 18272.htm. Winter 20061 COMBATING SPAM

$50,000, respectively, and Brown was ordered to pay a $30,000 penalty. LaFauci, owner of Media Broadcast, was ordered to disgorge his $8,63 5 in profits from sales of Tel-One's stock, plus prejudgment interest and a penalty of $30,000. Carapella, Lipstein, and LaFauci also consented to penny stock bars in separate administrative proceedings. 220 The Tel-One case sends the message to spammers that, whether or not they are the architects of a pump and dump scheme, they cannot turn a blind eye and disseminate whatever touts they receive. In another version of the multi-level pump and dump scheme, there are at least two levels of promoters. "First level" promoters act as intermediaries in that they contract with "second level" spammers on behalf of touted companies. Sometimes, the first level promoter orchestrates the pump and dump, although the Commission made it clear that hired spammers typically share some level of culpability.22' However, as demonstrated by SEC v. Paul Spray,222 sometimes the lower-level spammers commit the more egregious securities violations. In September 2002, the Commission filed suit against Paul Spray, two newsletter writers, and an intermediary "investor relations consultant" that contracted for some of the newsletters for their roles in a newsletter touting scheme. 223 From July 2001 through May 2002, newsletter writers Paul Spray and Thomas Loyd prepared and distributed their respective newsletters, OTC Investor's Edge and Investors' Alert, to millions of potential investors by both spain facsimiles and spam e-mails. This led to significant increases in the price and volume of the touted stocks. Investor relations consultant Marc Barhonovich contracted for, and paid for the distribution of, some of the newsletters, but he failed to review the newsletters before they were publicly disseminated. The Commission alleged that all three individuals knew, or were reckless in not knowing, that the newsletters contained material misrepresentations and omissions concerning the financial condition, projected earnings, and/or revenues of the companies they touted.224 The Commission's action in PaulSprayresulted in permanent injunctions against writers Spray and Loyd for their violations of Section 10(b) of the Exchange Act and Rule lOb-5 thereunder (arguably the Commission's most potent anti-fraud provisions) and permanent penny stock bars against both individuals.225 In addition, the court ordered Loyd to pay $474,359 in disgorgement and prejudgment interest (representing his profits from the scheme) and civil penalties of $325,000.226

220. Tel-One, Inc., 2002 SEC LEXIS 190; Spray, 2002 SEC LEXIS 1801; Tel-One, Inc., 2003 SEC LEXIS 1866. 221. Rice, Securities Act Release No. 17377, 2002 SEC LEXIS 434 (Feb. 25, 2002), available at http://www.sec.gov/litigation/litreleases/lr17377.htm. This case is discussed in detail in section III(A)(3)(b) of this article. 222. Spray, Exchange Act Release No. 17721, 2002 SEC LEXIS 2319 (Sept. 11, 2002), available at http://www.sec.gov/litigation/litreleases/lr17721.htm. 223. Id. 224. Id. 225. Loyd, Exchange Act Release No. 18318, 2003 SEC LEXIS 2086 (Sept. 2, 2003), available at http://www.sec.gov/1itigation/litreleases/lr18318.htm; Spray, Exchange Act Release No. 17721, 2002 SEC LEXIS 2319 (Sept. 11,2002), availableat http://www.sec.gov/litigation/litreleases/r 17721. htm; Spray, Exchange Act Release No. 18244, 2003 SEC LEXIS 1696 (July 23, 2003), available at http://www.sec.gov/litigation/litreleases/lrI8244.htm. 226. Spray, Exchange Act Release No. 18318,2003 SEC LEXIS 2086 (Sept. 2, 2003), available UNIVERSITY OF TOLEDO LAW REVIEW [Vol. 37

Similarly, the court ordered Spray to pay $44,566 in disgorgement and prejudgment interest (representing his profits) and a civil penalty of$120,000.227 On January 21, 2004, the Commission entered an administrative cease and desist order against Barhonovich and his consulting firm for violating Sections 17(a)(2) and 17(a)(3) of the Securities Act, the non-scienter based anti-fraud provisions available to the Commission.228 The court also ordered Barhonovich to pay disgorgement and prejudgment interest totaling $82,041, stemming from his sales of stock during the fax spam campaign.229

B. Gumshoe Detective Work

230 If you run, you 'l only go to jail tired.

The online community is attractive to investment fraudsters because of the seemingly limitless number of potential investors, relatively low cost of contacting those investors, and the anonymity of the online community. However, time and again, the Commission demonstrated that even the most circumspect online fraudsters leave electronic "footprints" enabling the Commission to track them down.23' Spammer K.C. Smith, who set up two websites and sent roughly nine million e- mail spam to perpetrate a fraudulent offering in a fictitious investment company, tried to hide his involvement in the scam from potential investigators.232 Smith took numerous steps to conceal his identity, such as calling potential investors on disposable cellular telephones, using stolen and hijacked service provider accounts to access the Internet, and collecting investor funds through offshore online payment services maintaining payee confidentiality. 233 Nevertheless, the Commission's enforcement staff identified and located Smith with relative ease and speed. The Enforcement Division uses a variety of investigative tactics to trace the sources of fraudulent websites, bulletin board postings, e-mails, and other online communications, despite the attempts of fraudsters such as K.C. Smith to obfuscate their involvement in a fraud. The Internet preserves a clear set of electronic clues left behind by online fraudsters, including an abundance of Internet Protocol data enabling cyber-investigators to trace a fraudster's online activities. Based on those

at http://www.sec.gov/litigation/litreleases/lrI8244.htm. 227. Id. 228. Barhonovich, Securities Act Release No. 8356, 2004 SEC LEXIS 119 (Jan. 21, 2004), available at http://www.sec.gov/litigation/admin/33-8356.htm. 229. Id. 230. Police Guide: Your Guide to Cop Culture, http://www.policeguide.com/Research/Police_ Humor/police humor.html (last visited Oct. 3, 2005). 231. See Stephen M. Cutler & John Reed Stark, The SEC's Statutory Weaponry to Combat Internet Fraud, 1999 A.B.A. SEC. Bus. L. COMM. ON FED. REG. § 2, 5; John Reed Stark & N. Blair Vietmeyer, The SEC and Prime Bank Frauds: Past, Present and Future: The Fatal Internet Migration of Dr. Noe, 31 SEC. REG. L.J. 4, 47 (2003). 232. Smith, Securities Act Release No. 18397, 2003 SEC LEXIS 2379 (Oct. 7, 2003), available at http://www.sec.gov/litigation/litreleases/lrI 8397.htm. 233. Id. Winter 2006] COMBATING SPAM

electronic clues and old-fashioned detective work, the Division is repeatedly able to determine the fraudster's identity and whereabouts. In addition, the Commission consistently achieves great success in identifying and locating perpetrators of online pump and dump schemes, including spammers that try to cover their tracks. For example, in 1999, spammer David Allen Lester used several tactics to hide his identity while manipulating the securities of two publicly traded companies-to no avail."' To "pump" up the price of the stock, Lester disseminated numerous spai messages disguised as "misdirected" e-mails and containing false information about impending sales contracts and the like. To conceal his identity, Lester transmitted the spain from the e-mail accounts of two people for whom he had installed AOL accounts in his part-time job as a computer network installer. Moreover, Lester adopted a fictitious pseudonym and included a fake message header. Nonetheless, by following Lester's electronic footprints and utilizing more traditional investigative leads, the Enforcement Division quickly found Lester and filed a settled action against him in March 2002.235 Online fraudsters leave behind a resplendent evidentiary record. Fraudulent websites, message boards, and e-mail spams are easily captured and saved for posterity, providing ample evidence at trial. Promoters often employ eye-catching graphics and marketing materials to attract as many investors as possible in offering frauds and pump and dump schemes. Ironically, the very same flashy graphics may provide persuasive evidence of fraud to law enforcement officials, regulators, judges, and evenjuries. Additionally, the more far-reaching a spain campaign, the more likely the spain will reach a suspicious recipient who will, in turn, forward a copy of the spain to regulatory authorities. Indeed, the Enforcement Complaint Center, managed by the Enforcement Division's Office of Internet Enforcement, receives thousands of complaints each week from investors about spam e-mail plugging stocks and other investments.236 Thus, while the Internet appears to provide a veil of anonymity to online users, it actually facilitates the Division's investigative efforts by preserving a wealth of evidence against fraudsters who take their scams online.

CONCLUSION: THE NEW FRONT LINE IN WAR AGAINST SPAM

Top Ten Warning Signs That Your Kid May Be a Hacker

1. Your phone bill lists 1,987 household lines. 2. Your son tells you that his private interview with the Secret Service agent was for a social studies class essay. 3. You receive mail addressedto Phil E. Phreak....

234. Lester, Securities Act Release No. 17396, 2002 SEC LEXIS 511 (Mar. 6, 2002), available at http://www.sec.gov/litigation/iitreleases/Ir17396.htm. 235. Id. 236. Do Stock PromotionsNaming EldoradoExploration, Telatinos Fit New SEC 'Risk-Based' Profile?, FIN. WIRE, June 8, 2005. 237. Top Ten Warning Signs That Your Kid May be a Hacker, http://www.usd.edu/-bwjanes/ humor/hacker.html (last visited Oct. 3, 2005). UNIVERSITY OF TOLEDO LAW REVIEW [Vol. 37

Anecdotal evidence suggests that recent state and federal statutes imposing jail 2 3 time for sending deceptive spam deterred some spammers. ' Nevertheless, a multitude of spammers remain in the business. Many experts estimate that 14.5 billion spam messages are sent every day, and there is no sign that the overall amount of spanming activity has decreased (it is impossible to know, however, how2 39 much more activity would exist absent existing measures to stem the flow). Despite law enforcement's continued efforts, the war against fraudulent spam appears unlikely to end, but rather will move in new directions as spammers adapt to heightened enforcement activity. Alarmingly, some spamiers appear to be engaging in increasingly criminal behavior, as spam has mutated from annoyance to fraud and even outright theft. 240 AOL, the largest nationwide e-mail provider, reported to its members that spainmers have become more "'sophisticated, nefarious, shadowy, devious, deceitful, sneaky, malicious, and-unfortunately--dedicated"' in their motives and methods for sending spam."24' Further, AOL warned that "'hardcore, kingpin spammers"' have replaced most "small-time" spammers, a trend resulting in more sophisticated and damaging spam campaigns.242 How will these trends affect the Commission's fight against online fraud, particularly spam-related frauds? Fraudsters will continue to use spam and other evolving technologies to their advantage, whether to better hide their online identity or to conduct a new type of sham offering. When they do, the Enforcement Division will be there to keep them in check. The actions discussed in this article exemplify that online fraudsters already employ increasingly innovative and varied tactics to orchestrate their various schemes. The Enforcement Division's case

238. One of the world's biggest spanmers, Damon DeCrescenzo, allegedly dropped out of the spare business last year because of the new federal anti-spai law (presumably the CAN-SPAM Act). Alan Ralsky, arguably the biggest spanmer worldwide, is quoted as saying, "To start in this business today is almost impossible." See Frank Bamako, AOL Buyout Interest Reportedly High, CBS Marketwatch.com (May 6, 2004), at http://www.marketwatch.com/news/yhoo/story.asp?source=blq/ yhoo&siteid=yhoo&dist=yhoo&guid=%7BBF8F2F35%2D5AAC%2D43EE%2D8C42%2D 1B7A7 D39C160%7D. 239. Therese Rutkowski, Systems Under Attack, INS. NETWORKING NEWS, Sept. 2004, http://www.insurancenetworking.com/protected/article.cfm?articled=-2708&searchTerm=Systems %20under%20Attack (last visited Sept. 23, 2005). 240. Id. See also Phillip Robinson, PhishFinder: Don'tFallfor These Schemes, TRIBUNE NEWS SERVICE, Nov. 2, 2005; Old-fashionedJunk Mail Has Nothing on Today's Sneaky Spain, VENTURA COUNTY STAR, Sept. 13, 2004. 241. Joyce E. Cutler, Span, Virus ThreatsSeen Converging With More Sophisticated,Damaging Results, DAILY REP. FOR EXECUTIVES (BNA), Jan. 4, 2005 No. 2, at Cl. Some spanmers have adapted to new regulations by simply resorting to blatant crimes such as "brand spoofing," where a spam touting seemingly legitimate products or services links to a Web page mimicking that of a well-known company or brand. In fact, the real goal is to capture the customer's password, credit card, or social security number to simply steal his or her funds. In a similar scam, spanmers "phish" for customer account information and passwords by sending spare messages masquerading as legitimate communications from banks and other financial institutions. Deborah Radcliff, FightingBackAgainst Phishing,NETWORK WORLD, Apr. 11, 2005, at 48. One anti-spam group estimates that e-mail fraud and "phishing" attacks grew a whopping 4,000 percent from November 2003 to April 2004. Corillian IntroducesInnovative Solution to Catch Phish Before They Bite, BUs. WIRE, July 14, 2004, available at LEXIS, News & Business, News, All. 242. Cutler, supra note 241. Winter 2006] COMBATING SPAM

record, however, demonstrates its ability to track down perpetrators' online activities and their true identities no matter what type of online scheme or tactic is involved. The Commission, with its broad array of available relief (including officer and director bars, penny stock bars, broker-dealer bars, trading suspensions, and revocation of registration statements), remains uniquely well-suited to combat online investment-related fraud. The litany of SEC enforcement actions described in this article illustrate how the Commission invokes its powers to combat fraudulent spam. The Division's actions also demonstrate its commitment to bring to justice individuals participating in all levels of these schemes, from the main architect of a pump and dump scheme to the second-tier spanmer. These enforcement actions also highlight the Division's successful track record in working with criminal authorities bringing parallel cases. Because the Department of Justice and various state criminal authorities remain burdened with heavy caseloads and an emphasis on terrorism-related matters, it is crucial that the Commission remain vigilant against fraudulent online activities. The Commission can, and often does, share its knowledge and expertise in combating white-collar fraud with criminal authorities. Several individuals perpetrating pump and dump schemes and offering frauds via massive spam campaigns have been sanctioned in the Commission's civil actions and sentenced to imprisonment in parallel criminal 243 cases. If current anti-spam legislation like the CAN-SPAM Act survives inevitable constitutional and other challenges, criminal authorities conducting parallel investigations of spam-related investment frauds may add these violations to their list of charges. Whether or not the new legislation stands the test of time, the Commission will continue to rely upon the longstanding "tried and true" provisions of the federal securities laws which remain effective enforcement weapons against the most modem of online schemes. Buttressed by an enduring yet adaptable regulatory foundation, the Enforcement Division is taking an aggressive position at the front line of the ever-evolving war against fraudulent spam.

243. See, e.g., Smith, Securities Act Release No. 18130, 2003 SEC LEXIS 1116 (May 12, 2003), availableat http://www.sec.gov/litigation/litreleases/lr 18130.htm; Sheret, Securities Act Release No. 16453, 2000 SEC LEXIS 321 (Feb. 24, 2000), availableat http://www.sec.gov/litigation/litreleases/ Il 6453.htm; Conley, 1:00-cr-00816-DAB (S.D.N.Y. Aug. 3,2000) (slip op.); Hourmouzis, Securities Act Release No. 16532, 2000 SEC LEXIS 861 (May 1, 2000), available at http://www.sec.gov/litigation/litreleases/lr16532.htm. See also U.S. Funding Corp., Securities Act Release No. 17503, 2002 SEC LEXIS 1188 (May 3, 2002), available at http://www.sec.gov/litigation/litreleases/lr17503.htm; Gwinnett, Criminal Action No. 03-638 (KSH) (D.N.J. Sept. 11, 2003) (slip op.).